Microsoft Patches Critical Windows 2000 Flaw
Flaw is in a Windows component used by the WebDAV protocol and could give an attacker control of a vulnerable machine.Microsoft Corp. on Monday released a patch for a critical vulnerability in Windows 2000 that company officials say is being actively exploited. The vulnerability is in a Windows component used by the WebDAV protocol and could give an attacker control of a vulnerable machine. The flaw only affects Windows 2000 machines that are configured to run as Web servers. In order to exploit this issue, an attacker must establish a Web connection with the affected computer. He can then send a specially formed HTTP request to the IIS server running on the machine. The request would either cause the IIS server to fail or run the code of the attackers choice. Any code would run in the security context of the IIS server, which runs as LocalSystem by default, according to Microsofts advisory on the vulnerability.
The Web Distributed Authoring and Versions protocol is used to provide a standard for editing and file management among computers on the Internet.