Microsoft warns about IIS WebDAV component

Microsoft has issued Security Bulletin MS03-007 (Unchecked Buffer In Windows Component Could Cause Web Server Compromise) regarding a serious problem in the Microsoft IIS WWW Distributed Authoring and Versioning (WebDAV) component when running on Windows 2000 systems. The problem stems from a buffer overflow condition that could let a remote intruder execute code on the server, which could lead to a server compromise. The problem doesn't affect Windows XP or Windows NT systems.

Describing the problem, the company said "WebDAV [is] a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provides a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV and results because the component contains an unchecked buffer. An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running IIS. The request could cause the server to fail or to execute code of the attacker's choice."

Users who have installed Microsoft's URLScan tool for IIS are protected against intrusion from this latest vulnerability, unless they've modified the URLScan configuration in a manner that wouldn't catch excessively long URLs. Microsoft published the article "MS03-007: How to Work Around the Vulnerability That Is Discussed in Microsoft Knowledge Base Article 815021" regarding this matter. The article describes several ways to disable WebDAV or limit buffer sizes in IIS. The article includes a link to a Buffer Size Registry Tool, which users can run to modify the registry keys associated with IIS buffers. The article also lists the registry keys to change for users who prefer to modify the registry manually.

In summary, users have five ways to guard against this vulnerability: disable IIS if it's unneeded, disable WebDAV if it's unneeded, use URLScan to help thwart malicious URL strings, adjust the buffer size for URLs accepted by IIS, or install the related patch.
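As an added illustration of the URLScan option above (this fragment is not from the bulletin or from Microsoft's workaround article), a URLScan.ini that both refuses the WebDAV verbs and caps the URL length the server will accept; the numeric limits shown are this example's choices, not values the page gives.

```ini
; URLScan.ini fragment (added example). Two independent controls cover the
; WebDAV issue: the verb filter stops WebDAV requests outright, and the URL
; length limit rejects the excessively long request the bulletin describes
; even if a WebDAV verb were ever re-enabled.

[Options]
; Only verbs listed under [AllowVerbs] are accepted; everything else, including
; every WebDAV verb, is rejected before IIS processes the request.
UseAllowVerbs=1
NormalizeUrlBeforeScan=1
VerifyNormalization=1
; Keep logging on so rejected requests can be reviewed later.
EnableLogging=1

[AllowVerbs]
GET
HEAD
POST

[DenyVerbs]
; Listed for clarity; with UseAllowVerbs=1 the allow list already excludes them.
PROPFIND
PROPPATCH
MKCOL
COPY
MOVE
LOCK
UNLOCK
SEARCH

[RequestLimits]
; A weakened deployment that sets MaxUrl to a very large value (for example
; 100000) is exactly the "modified configuration" the article warns about,
; because it no longer catches excessively long URLs. Keep it small.
MaxUrl=260
MaxQueryString=2048
MaxAllowedContentLength=30000000
```

Restart the IIS service after editing the file so the filter reloads the settings.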

