Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    New Windows Flaw Disclosed by Microsoft

    By
    Dennis Fisher
    -
    March 24, 2003
    Share
    Facebook
    Twitter
    Linkedin

      Security experts say the latest Windows vulnerability revealed last week by Microsoft Corp. has already been used by crackers to attack at least one machine belonging to the U.S. Army. And, it turns out, the flaw used to attack the Web server was discovered not by Microsoft or independent researchers but by the attacker himself.

      Microsoft released a patch for the critical vulnerability in a Windows 2000 component used by the WebDAV (Web-based Distributed Authoring and Versioning) protocol. The vulnerability gives an attacker control of a vulnerable machine, officials at the Redmond, Wash., company said.

      Experts at TruSecure Corp., based in Herndon, Va., received word of the attack on the Armys Web server two weeks ago through contacts within the Army. A Web server was attacked using a URL that was 4KB in length, and the machine was subsequently compromised. The server then immediately began mapping the network around it, looking for other vulnerable machines and seeing what else of interest was within reach. It then started sending the results of its mapping to a remote machine through TCP port 3389 using terminal services, said Russ Cooper, surgeon general at TruSecure.

      Once Army security staff realized the server had been compromised, it took the machine offline and rebuilt it. But as soon as it was reconnected to the Internet, the server was compromised again. At that point, Army personnel realized they were dealing with something new and went to Microsofts support site and filled out a Web form describing the issue.

      “Weve had some reports of it being actively exploited, and thats the reason we went out [with the patch] as soon as we did,” said Steve Lipner, director of security assurance at Microsoft.

      Military Strike

      Chronology of WebDAV vulnerability/ Army hack incident:

      • March 9 or 10 Army Web server compromised
      • March 11 Army notifies Microsoft, outside security experts
      • March 14 Microsoft produces patch for new vulnerability
      • March 17 Patch and security advisories are released by Microsoft and CERT

      Still, the vulnerability and its exploitation caught security officials at Microsoft and at independent bodies such as the CERT Coordination Center off guard. Attacks such as this that occur against previously unknown vulnerabilities are known as zero-day exploits, as there is no elapsed time between the discovery of the flaw and its exploitation. Although security experts said they have not seen any other attacks using this exploit, Cooper said he expects to see a worm based on it within a week or so.

      “Its absolutely vital that people get rid of WebDAV on their boxes if they dont need it,” Cooper said. “If they dont know whether theyre using it, chances are that theyre not, and they should disable it.”

      And, because there is just one machine known to have been compromised with this attack so far, Cooper said he believes it was the work of an individual cracker and not a nation or other organization. “With the element of surprise like that, Id think a nation state would go after a large number of machines and not just this one,” he said.

      The flaw affects only Windows 2000 machines that are configured to run as Web servers. To exploit this issue, an attacker must establish a Web connection with the affected computer. The attacker can then send a specially formed HTTP request to Microsofts IIS (Internet Information Services) running on the machine.

      The request would either cause the IIS server to fail or run the code of the attackers choice. Any code would run in the security context of the IIS server, which runs as LocalSystem by default, according to Microsofts advisory on the vulnerability.

      WebDAV is used to provide a standard for editing and file management among computers on the Internet.

      Dennis Fisher

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×