TruSecure’s Russ Cooper advises that users who do not need WebDAV simply turn the service off entirely, particularly if rebooting the server will cause problems. Computer security firm TruSecure reported Monday that a U.S. Army Web server had been compromised in a low-level attack. The attack itself was not unusual — it took advantage of a buffer overflow to gain remote control of the box. What made this incident notable was that it was a “Zero Day” attack, in which the vulnerability was exploited in the wild before it was reported to the rest of the security community. In layman’s terms, this is called getting caught with your pants down. Prior to the latest incident, it had not happened in three years. The intruder took advantage of a buffer overflow in Windows 2000 Server. Specifically, the exploit targets the Web Distributed Authoring and Versioning (WebDAV) service in Windows 2000. When exploited, the vulnerability allows an attacker to run code on the server with LocalSystem privileges.