Users login

Create an account »


Users login

Home » Hacking News » Microsoft Security Advisory - WebDAV

Microsoft Security Advisory - WebDAV

by phiber on March 10th, 2001 WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server.

Because the discoverer of this vulnerability has chosen to publish
code to exploit this vulnerability before a patch could be developed,
Microsoft has developed a workaround that can be used to defend
against attack. Knowledge Base article Q241520 provides step-by-step
instructions for changing the pErmissions on the .DLL that provides
WebDAV services in order to effectively disable it on the machine.
When a patch is available, we will re-release this bulletin and
provide updated information.

Microsoft recommends that customers consider applying the workaround
to any servers running IIS 5.0. Although this obviously includes web
servers, other services, notably Exchange 2000, may also require that
IIS 5.0 be enabled. For more information, download this advisory.

Download this advisory

Visit Microsoft Security

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »