Microsoft Corp. on Monday released a patch for a critical vulnerability in Windows 2000 that company officials say is being actively exploited. The vulnerability is in a Windows component used by the WebDAV protocol and could give an attacker control of a vulnerable machine.
The flaw only affects Windows 2000 machines that are configured to run as Web servers. In order to exploit this issue, an attacker must establish a Web connection with the affected computer. He can then send a specially formed HTTP request to the IIS server running on the machine.
The request would either cause the IIS server to fail or run the code of the attackers choice. Any code would run in the security context of the IIS server, which runs as LocalSystem by default, according to Microsofts advisory on the vulnerability.
The Web Distributed Authoring and Versions protocol is used to provide a standard for editing and file management among computers on the Internet.
Microsoft security officials said they have had isolated reports of this vulnerability being exploited on the Internet, which caused them to release the bulletin today instead of on their usual Wednesday release schedule. "Weve had some reports of it being actively exploited and thats the reason we went out as soon as we did," said Steve Lipner, director of security assurance at Microsoft.
Officials at Internet Security Systems Inc. said they have seen exploitations using a "functional exploit tool."
Latest Security News:
Latest Stories by Dennis Fisher:
For more Microsoft scoops, check out Ziff Davis Microsoft Watch.