Summary
WebDAV remote code execution vulnerability
A vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system.
The update addresses the vulnerability by changing how WebDAV handles objects in memory. The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:
| Vulnerability title | CVE number | Publicly disclosed | Exploited |
| WebDAV Remote Code Execution Vulnerability | Yes | Yes |
Mitigating Factors
Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.More Information
- If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.