Help and Support

Article ID: 291845 - Last Review: November 21, 2006 - Revision: 3.2

Malformed WebDAV request can cause IIS to exhaust CPU resources

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q291845
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
Expand all | Collapse all

SYMPTOMS

World Wide Web Distributed Authoring and Versioning (WebDAV) is an extension to the HTTP protocol that allows remote authoring and management of Web content. In the Windows 2000 implementation of the protocol, Microsoft Internet Information Services (IIS) 5.0 performs the initial processing of all WebDAV requests, and then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such malformed requests is directed at an affected server, it consumes all CPU availability on the server.

Mitigating Factors:
  • The effect of an attack through this vulnerability is temporary. The server automatically resumes normal service as soon as the malformed requests stop arriving.
  • This vulnerability does not provide an attacker with any capability to carry out WebDAV requests.
  • This vulnerability does not provide any capability to compromise data on the server or gain administrative control over the server.
Microsoft recommends that customers apply the patch described in this article to any servers running IIS 5.0. Although this includes Web servers, other services may also require that IIS 5.0 be enabled. For example, Exchange 2000 Server uses IIS 5.0 to provide Outlook Web Access (OWA) services. Therefore, computers running Exchange 2000 Server that provide OWA services should implement the patch to protect their IIS 5.0 services from this vulnerability.
Back to the top

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910  (http://support.microsoft.com/kb/260910/ ) How to obtain the latest Windows 2000 service pack
The English version of this fix should have the following file attributes or later:
   Date        Time    Version      Size     File name
   -----------------------------------------------------
   03/12/2001  10:57a  0.9.3940.20  439,056  Httpext.dll
IMPORTANT: If you previously performed the workaround described in article Q241520, the following dialog box may be displayed when you install this fix:
Copy Error Setup cannot copy the file httpext.dll. Ensure that the location specified below is correct, or change it and insert 'Windows 2000 System Files' in the drive you specify. Copy files from: (drop down box below) c:\%windir%\system32\inetsrv
To bypass this dialog box, follow these steps to re-enable WebDAV:
  1. Open Windows Explorer.
  2. Go to your %SystemRoot%\System32\Inetsrv folder.
  3. Right-click your Httpext.dll file, and then click Properties.
  4. Click the Security tab.
  5. Select Everyone, and then click Remove.
  6. Select the Allow inheritable permissions from parent to propagate to this object check box, and then click Apply.
  7. Click OK to exit the Properties dialog box.

Back to the top

WORKAROUND

For more information about how to work around this problem, click the following article number to view the article in the Microsoft Knowledge Base:
241520  (http://support.microsoft.com/kb/241520/ ) How to disable WebDAV for IIS 5.0
Back to the top

STATUS

Microsoft has confirmed that this is a problem in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 2.
Back to the top

MORE INFORMATION

For more information on this vulnerability, see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms01-016.mspx (http://www.microsoft.com/technet/security/bulletin/ms01-016.mspx)
For more information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the following article number to view the article in the Microsoft Knowledge Base:
249149  (http://support.microsoft.com/kb/249149/ ) Installing Microsoft Windows 2000 and Windows 2000 hotfixes
Back to the top
APPLIES TO
  • Microsoft Internet Information Services 5.0
Back to the top
Keywords: 
kbbug kbfix kbwin2000presp2fix KB291845
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations