1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unchecked Buffer In Windows Component Could Cause Web Server Compromise: Mar 17

Discussion in 'Windows XP' started by eddie5659, Mar 17, 2003.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,886
    Hiya

    Microsoft Windows 2000 supports the World Wide Web Distributed
    Authoring and Versioning (WebDAV) protocol. WebDAV, defined in
    RFC 2518, is a set of extensions to the Hyper Text Transfer
    Protocol (HTTP) that provide a standard for editing and file
    management between computers on the Internet. A security
    vulnerability is present in a Windows component used by WebDAV,
    and results because the component contains an unchecked buffer.

    An attacker could exploit the vulnerability by sending a
    specially formed HTTP request to a machine running Internet
    Information Server (IIS). The request could cause the server to
    fail or to execute code of the attacker's choice. The code would
    run in the security context of the IIS service (which, by
    default, runs in the LocalSystem context).

    Although Microsoft has supplied a patch for this vulnerability
    and recommends customers install the patch immediately,
    additional tools and preventive measures have been provided that
    customers can use to block the exploitation of this vulnerability
    while they are assessing the impact and compatibility of the
    patch. These temporary workarounds and tools are discussed in the
    "Workarounds" section in the FAQ below.


    Maximum Severity Rating: Critical

    Affected Software:

    Microsoft Windows 2000

    Download locations for this patch Microsoft Windows 2000:
    The patch for Windows 2000 is available at the following location:


    All except Japanese NEC

    Japanese NEC

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp

    Regards

    eddie
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,886
  3. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,886
    V3.0 (May 28, 2003): Updated to include details of Windows XP patch.
    V3.1 (May 28, 2003): Updated to include correct Windows NT 4.0 and Windows XP verification keys.
    V3.2 (May 28, 2003): Updated frequently asked questions section regarding IIS 5.1

    Microsoft Windows XP:

    32-bit Edition

    http://microsoft.com/downloads/deta...7D-F2D5-47B8-AB98-77BA7501B00B&displaylang=en

    64-bit Edition

    http://microsoft.com/downloads/deta...5D-DB0B-40F8-9A2E-DE93CBB5CB3A&displaylang=en


    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/124240

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice