Last week's very serious Windows 2000 vulnerability is far from limited to exploitation through IIS alone.

This flaw, the root cause of which is a buffer overflow vulnerability in a core Microsoft Windows DLL (ntdll.dll), could allow attackers to gain complete control of a vulnerable system and execute arbitrary code.

As we said in our article about a minor glitch with the patch last week, ISS WebDAV (World Wide Web Distributed Authoring and Versioning) is one of many Windows components which uses the problematic ntdll.dll component. So Microsoft's patch needs to be applied to all potentially vulnerable Windows 2000 boxes.

Microsoft's advice on the problem has been revised to take into account potential conflicts with hot fixes which gave rise to the minor glitch. This is just as well because the problem gets worse the closer you look at it.

Read More . . .