Microsoft warns of Windows 2000 hole
By Matt Whipp
Posted on 18 Mar 2003 at 12:04
An unchecked buffer in Windows 2000 leaves servers open to exploit.
Microsoft has warned of an unchecked buffer in Windows 2000 servers running IIS (Internet Information Server). An attacker could exploit this vulnerability by sending a specially crafted WebDAV request that would call the component containing the unchecked buffer. A successful exploit would give the attacker control over the system with the same privileges as the IIS service. By default, IIS runs with Local System privileges.
Microsoft rates the vulnerability as critical, as it allows attackers to run code on affected systems. It has also issued guidance on a number of workarounds, as the hacker community is known to be using the hole already.
The vulnerability affects all versions of Windows 2000, although in Windows 2000 Professional IIS is not installed by default.
Windows NT 4.0 to Windows XP have been tested for the vulnerability. Systems older than these are no longer supported by Microsoft and may or may not be vulnerable.
Microsoft has issued a patch available here for all systems except Japanese NEC. Japanese NEC systems can be patched here.
Interim workaround guidelines are available here. (Scroll down for the workaround section.)
