Describing the problem, the company said "WebDAV [is] a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provides a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV and results because the component contains an unchecked buffer. An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running IIS. The request could cause the server to fail or to execute code of the attacker's choice."
Users that have installed Microsoft's URLScan tool for IIS are protected against intrusion from this latest vulnerability, unless they've modified the URLScan configuration in a manner that wouldn't catch excessively long URLs. Microsoft published the article "MS03-007: How to Work Around the Vulnerability That Is Discussed in Microsoft Knowledge Base Article 815021" regarding this matter. The article describes several ways to disable WebDAV or limit buffer sizes in IIS. The article includes a link to a Buffer Size Registry Tool, which users can run to modify the registry keys associated with IIS buffers. The article also describes the keys that you need to change if users want to modify the registry manually.
In summary, users have five ways to guard against this vulnerability: Disable IIS if it's unneeded, disabled WebDAV if it's unneeded, use URLScan to help thwart malicious URL strings, adjust the buffer size for URLs accepted by IIS, or install the related patch.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
