Tuesday, April 16, 2024

Microsoft Patches ‘Critical’ Windows 2000 Flaw

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The Computer Emergency Response Team (CERT/CC) on Monday issued an advisory
for a buffer overflow vulnerability in Microsoft IIS 5.0 running on
Microsoft Windows 2000, warning sysadmins that an exploit is already

Microsoft issued a “critical” rating on the flaw and issued a patch while warning that the
vulnerability may allow a remote attacker to run arbitrary code on an
infected machine.

“An exploit is publicly available for this vulnerability, which increases
the urgency that system administrators apply a patch,” the Center warned.
IIS 5.0 is installed and running by default on Microsoft Windows 2000 server

CERT/CC said the unchecked buffer was detected in a Windows component of
the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol,
which is supported by Windows 2000. An attacker could send a specially
formed HTTP request to a machine running IIS, causing the server to fail or
to execute code of the attacker’s choice.

WebDAV uses IIS to pass requests to and from Windows 2000. Microsoft
explained that when IIS receives a WebDAV request, it typically processes
the request and then acts on it. However, if the request is formed in a
particular way, a buffer overrun can result because one of the Windows
components called by WebDAV does not correctly check parameters.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles