March 18, 2003
Windows 2000 WebDAV Buffer Overflow Exploit Against IIS 5.0 - CRITICAL
The National Infrastructure Protection Agency (NIPC) and the CERTŪ Coordination Center have issued advisories (Advisory 03-005 - NIPC) (CA-2003-09) warning of a critical vulnerability in the WebDAV component of Microsoft IIS 5.0 running on Microsoft Windows 2000. IIS.
This vulnerability could permit hackers to exploit a buffer overflow that experts suggest has the potential to start up another worm with nearly the same impact as Code Red.
Given the current elavated Orange Threat level issued by the Office of Homeland Security, Network Administrators are urged to immediately patch any IIS 5.0 servers or disable the WebDAV service until the patch can be applied. National Infrastructure Protection Center is also advising network adminstrators take the following steps:
The patch for this vulnerability is available from Microsoft at:
- Monitor information sources for additional alerts regarding possible attack activity.
- Report any relevant activity (increased port 80 probing or activity, web server crashes, etc.) using an Incident Response Form.
- Ensure that your incident response capability is prepared for a possible incident.
- If successfully attacked, recognize that a system compromise may have taken place; take appropriate action based on your incident handling policy.
Microsoft IIS Patch for WebDAV
The SANS institute is offering a FREE special webinar, Tuesday March 18, 2003 3:00 EST, to discuss the vulnerability, featuring two Windows experts.
Previous Tech Alerts:
03/03/03 Critical Vulnerability Discovered in Sendmail
02/06/03 Microsoft Releases Cummulative Patch for Internet Explorer Flaws It Lists as Critical
01/26/03 The Importance of Applying Patches
01/23/03 Microsoft and SUN release slew of Patches
01/14/03 New Worms Spreading through Email
12/09/02 Microsoft Issues Updated Cumulative Patch for IE
11/13/02 New e-greeting tactics pose serious threat
11/01/02 Critical patch released for Windows 2000, Windows XP
10/21/02 Microsoft Fixes Vulnerabilities: Releases Patches for SQL, Word and Excel
10/03/02 Bugbear Worm Gains Strength
10/02/02 Top 20 List of Internet Security Vulnerabilities Released
09/02/02 Microsoft Warns SysAdmins To Immediately Patch Identity Spoofing Flaw
08/21/02 Microsoft releases patch to fix "critical" vulnerability in
Windows 2000 systems that allow unprivileged users to log
onto them interactively
08/09/02 Is Confidential Bank Information Walking Out Your Door?
07/30/02 Microsoft Continues to Patch Flawed Software
07/23/02 CERT advisory on PHP
07/15/02 Outlook Users Employing PGP Encryption Program Vulnerable to Hacking
07/11/02 Researchers Report Serious Flaw in IE
06/27/02 Microsoft Releases Critical Patch for Windows Media Player
06/18/02 CERT Warns of Critical Vulnerabilty in Apache Web Server
06/12/02 Sports Fans Beware: World Cup Virus Bounces Around the Net
06/07/02 Dead Man Tell No Passwords
05/31/02 Microsoft Issues Critical Warning Regarding Exchange Server
05/22/02 Microsoft SQL Spida Worm Slows Network Traffic
05/15/02 Virus Hoax 'JDBGMGR.EXE' Spreading Rapidly Thoughout Net
04/25/02 Klez Worm Reels in Banks with its Bait
04/11/02 Ten New Vulnerabilities Discovered in Microsoft IIS Server
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed
Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.