Security researchers say that they have identified several additional attack vectors that can exploit the critical Windows 2000 vulnerability disclosed this week, and are urging everyone running the operating system to patch their machines.
When Microsoft Corp. released its advisory and patch for this vulnerability on Monday, it said that only Windows 2000 machines running the IIS 5.0 Web server software were vulnerable. However, researchers from Next Generation Security Software Ltd. have shown that is likely possible to exploit the vulnerability by going in through services other than IIS.
In a paper published Friday, David Litchfield of NGSS, based in Surrey, England, wrote that IIS is simply the attack vector used to exploit the vulnerability in the WebDAV request process. As the request is processed, it passes through several functions, one of which calls another function known as RtlDosPathNameToNtPathName_U, which is where the actual vulnerability lies.
However, there is a long list of other functions that make this same call, many of which are concerned with the NT files system.
We have “discovered several new attack vectors and believe there will be many more that will come to light over the next few weeks,” Litchfield wrote. “There are too many ways for an attacker to access the vulnerability. Likely areas will be non-Microsoft Web and FTP servers, IMAP servers, anti-virus solutions and other Microsoft Windows services.”
Shortly after Litchfield posted his paper to BugTraq Friday afternoon, a research scientist from a Venezuelan security company posted an exploit code for the WebDAV flaw to another mailing list. The exploit is labeled as being for testing purposes only.
The Web Distributed Authoring and Versioning protocol is used to provide a standard for editing and file management among computers on the Internet.
Latest Security News: