Special Flash Webcast: Tuesday March 18, 2003 3:00 EST, (2000 UTC)
Overview: Windows 2000 WebDAV Buffer Overflow Exploit Against IIS 5.0
Will a new Code Red Worm get to your machine before you take the
necessary steps to protect yourself?
If you are running IIS 5.0 on Windows 2000, you probably already know
that a buffer overflow exploit has been discovered in a WebDAV component
on IIS 5.0. The error permits the remote execution of arbitrary
commands, and that's all the hackers need to start up another worm with
nearly the same impact as Code Red.
WebDAV is used to manage files on the web server using the HTTP/HTTPS
protocol itself, hence, it operates over TCP 80/443. WebDAV is enabled
by default and Microsoft has assigned a severity rating of CRITICAL to
this issue. Tuesday's webcast will discuss the WebDAV vulnerability and
how to fix it before the race to complete the "WebDAV Worm" is
completed.
The webcast features two top Windows Security experts who will first
give you an overview and then answer your questions:
Jason Fossen: SANS premier teacher of advanced security techniques for
Windows.
Chris Weber: Author of the definitive book on Windows XP Security
There is no cost.
Register early to reserve a seat in the live program
http://www.sans.org/webcasts/031803.php
See
www.sans.org for details.
PS. This new vulnerability demonstrates, again, the reason that SANS
Windows Security training is so important to organizations that have
important data on Windows systems. If you accepted Microsoft's standard
configuration, you would have been vulnerable to attacks using this
vulnerability. If you followed the guidance SANS teaches in the course,
you would not have been vulnerable. It doesn't always work -- but it
works quite often.
Here's the schedule for SANS upcoming Securing Windows training courses:
New York City: March 24-29
Baltimore: April 7-12
Monterey, CA: June 11-16
London, UK: June 23-18
Washington, DC: July 14-19
Plus online and onsite training
See
www.sans.org for details.
To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number or email address
(from the headers.) You will receive your personal URL via email.
Unsubscribing will take you off any news bulletin lists for NewsBites
or Security Alert Consensus as well as any conference information
notes.
You may also email <sans@sans.org> with complete instructions and
your SD number for subscribe, unsubscribe, change address, add other
digests, or any other comments.