A guide to the IIS WebDAV vulnerability

Even for the most experienced security professionals, understanding complex attacks and vulnerabilities can sometimes be a serious challenge. A perfect example is the recent Microsoft IIS WebDAV vulnerability, which surfaced last week and has yet to be patched by Microsoft. It's a complicated issue, which some experts say was made more so by the guidance that the software maker released about it. Luckily, Steve Friedl of Unixwiz.net has taken the time to make some sense of it all.
Friedl, a security consultant, put together a flow chart that helps administrators figure out whether their Web servers are vulnerable. His key piece of advice is, if you're not sure whether your servers are at risk, find an expert who can test your machines and give you a definitive answer.
The vulnerability allows a remote anonymous user to bypass authentication checks and access the system in ways not intended for anonymous users: systems are getting hacked with this, and it's important to assess your local security posture and take steps to mitigate exposures that are discovered.
Microsoft published information on this in their Security Advisory (971492), but we found their guidance confusing for users who were not IIS experts. While researching what each of the pieces meant, we decided to create this Tech Tip with a simple flowchart that will help rapidly get to the "not vulnerable" stage if that's indeed the case.
Most systems are likely not vulnerable, but unless the flowchart below leads to "You are not vulnerable", we strongly recommend seeking local expertise to help assess your situation properly.
As Friedl and others have noted, attackers are actively exploiting the IIS WebDAV vulnerability, and as there's no patch available yet, it's vital that enterprises take a close look at their Web servers to see whether they're vulnerable. Microsoft officials have said they're investigating the vulnerability and it would not be surprising to see an out-of-band patch for IIS, given the seriousness of the problem.