[GTER] En: Special Flash Webcast: Tuesday March 18, Windows 2000 WebDAV Buffer Overflow Exploit
Fabio Oliveira
fabio at ipway.com.br
Tue Mar 18 09:55:01 -03 2003
FYI....
----- Original Message -----
From: The SANS Institute <sans at sans.org>
To: Fabio Oliveira (SD634666) <fabio at ipway.com.br>
Sent: Tuesday, March 18, 2003 1:47 AM
Subject: Special Flash Webcast: Tuesday March 18, Windows 2000 WebDAV Buffer
Overflow Exploit
>
> Special Flash Webcast: Tuesday March 18, 2003 3:00 EST, (2000 UTC)
>
> Overview: Windows 2000 WebDAV Buffer Overflow Exploit Against IIS 5.0
>
> Will a new Code Red Worm get to your machine before you take the
> necessary steps to protect yourself?
>
> If you are running IIS 5.0 on Windows 2000, you probably already know
> that a buffer overflow exploit has been discovered in a WebDAV component
> on IIS 5.0. The error permits the remote execution of arbitrary
> commands, and that's all the hackers need to start up another worm with
> nearly the same impact as Code Red.
>
> WebDAV is used to manage files on the web server using the HTTP/HTTPS
> protocol itself, hence, it operates over TCP 80/443. WebDAV is enabled
> by default and Microsoft has assigned a severity rating of CRITICAL to
> this issue. Tuesday's webcast will discuss the WebDAV vulnerability and
> how to fix it before the race to complete the "WebDAV Worm" is
> completed.
>
> The webcast features two top Windows Security experts who will first
> give you an overview and then answer your questions:
>
> Jason Fossen: SANS premier teacher of advanced security techniques for
> Windows.
> Chris Weber: Author of the definitive book on Windows XP Security
>
> There is no cost.
>
> Register early to reserve a seat in the live program
> http://www.sans.org/webcasts/031803.php
>
> See www.sans.org for details.
>
> PS. This new vulnerability demonstrates, again, the reason that SANS
> Windows Security training is so important to organizations that have
> important data on Windows systems. If you accepted Microsoft's standard
> configuration, you would have been vulnerable to attacks using this
> vulnerability. If you followed the guidance SANS teaches in the course,
> you would not have been vulnerable. It doesn't always work -- but it
> works quite often.
> Here's the schedule for SANS upcoming Securing Windows training courses:
>
> New York City: March 24-29
> Baltimore: April 7-12
> Monterey, CA: June 11-16
> London, UK: June 23-18
> Washington, DC: July 14-19
> Plus online and onsite training
> See www.sans.org for details.
More information about the gter
mailing list