WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all available CPU capacity on the server.
Because the discoverer of this vulnerability has chosen to publish code to exploit this vulnerability before a patch could be developed, Microsoft has developed a workaround that can be used to defend against attack. Knowledge Base article Q241520 provides step-by-step instructions for changing the permissions on the .DLL that provides WebDAV services in order to effectively disable it on the machine. When a patch is available, we will re-release this bulletin and provide updated information.
Microsoft recommends that customers consider applying the workaround to any servers running IIS 5.0. Although this obviously includes web servers, other services, notably Exchange 2000, may also require that IIS 5.0 be enabled.