New Tech Tip: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability

May 26, 2009

New Tech Tip: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability

In May of this year (2009), a security researcher discovered and reported a vulnerability in Microsoft's Internet Information Server (IIS) WebDAV component. Microsoft published some guidance on this in a KB article, but it was really sparse and not at all obvious how to make sense of it.

Those who are IIS experts would know right what this all meant, but I (for one) was in the "Ok, so what exactly is WebDAV, and how do I know if I even have it?" camp. After researching things, it became clear that a simple flowchart could help most users realize that they are not in fact vulnerable (sigh of relief), with the tricky cases left to those who are most likely to have experts around who know the nitty gritty.

So this paper assumes essentially no web or IIS expertise, but helps get to that good place quickly.

Unixwiz.net Tech Tip: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability

But please: if you're not sure about any parts of your own security posture, find local experts to guide you.

Posted at 04:34 PM in Tech Tips | Permalink

Comments

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

I had a backup. Really.

May 26, 2009