IIS admins, help finding WebDAV

Published: 2009-05-21. Last Updated: 2011-01-30 23:22:12 UTC
by Adrien de Beaupre (Version: 1)
5 comment(s)

Microsoft have pointed to one of their KB articles for helping admins in an enterprise to locate IIS boxes with WebDAV enabled. It is located here. There is also a blog post here with some FAQ on WebDAV. This is particularly useful if you are concerned about IIS 6.0 WebDav Remote Auth Bypass on internal systems.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

 

Keywords: iis webdav
5 comment(s)

Comments

A test Comment from MH
But has anyone answered *definitively* whether or not Sharepoint is impacted?
@CH
See http://blogs.technet.com/srd/archive/2009/05/20/answers-to-the-iis-webdav-authentication-bypass-questions.aspx for an answer (not only) to that question: "No, Sharepoint is not vulnerable to this vulnerability. The Sharepoint team does not use the same code as IIS. Their DAV server goes against their backend SQL store, not the file system."
another quick test comment. If your comments don't show up with a diary, please use the feedback form at http://isc.sans.org/contact.html
Apropos Sharepoint:
http://blogs.msdn.com/sharepoint/archive/2009/05/21/attention-important-information-on-service-pack-2.aspx
"We take product quality seriously and make every effort to avoid and resolve issues that adversely impact our customers. Unfortunately, we have recently discovered a bug with Service Pack 2 (SP2) that affects all customers that have deployed it for SharePoint Server 2007.

During the installation of SP2, a product expiration date is improperly activated. This means SharePoint will expire as though it was a trial installation 180 days after SP2 is deployed."

Diary Archives