Security Patch Now Available for Windows NT

If you've already patched your Windows 2000 systems to correct the problem with WebDAV that Microsoft reported on March 17, then your systems are protected. Security UPDATE news reporter Ken Pfeil wrote that the vulnerability "can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer in a component that Web Distributed Authoring and Versioning (WebDAV) uses. An attacker can exploit this vulnerability by sending a specially formed HTTP request to a machine running Microsoft IIS. The request can cause the server to fail or execute code of the attacker’s choice."

At the time, Microsoft's bulletin said the problem affected only Win2K systems; however, on April 24 the company updated Security Bulletin MS03-007 (Unchecked Buffer In Windows Component Could Cause Server Compromise), to indicate that Windows NT systems are vulnerable too. A patch is now available for NT.

Microsoft said, "Windows NT 4.0 also contains the \[vulnerability that underlyies Windows 2000\] in \[the Windows NT file\] ntdll.dll, however it does not support WebDAV and therefore the known exploit was not effective against Windows NT 4.0."

You can find links to all the relevant patches in Microsoft's updated bulletin.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.