IT World has a nice little article which gives some tools to help protect those running IIS 6.0 and earlier from the latest exploit. The fun thing is that they are both free tools from Microsoft that basically shut down the WebDAV protocol.
Microsoft has acknowledged the problem, but has not said if or when a patch for it will be available. Windows 2000 servers are more at risk from this vulnerability since WebDAV is turned on by default, in contrast to Windows 2003 where WebDAV is turned off by default.
So, there you have it. Go get the tools and lock it down.
Leave a Reply