Worst Windows flaws of the past decade

The exploits and oversights that left Redmond with egg on its face

Folder traversal: Total server control with a single URL

Bug identifier: MS00-078

Description: Web server folder traversal vulnerability

Alias: Directory traversal bug

Date published: October 17, 2000

If there's one thing we've learned from the past decade of Microsoft patches, it's that not everyone keeps on top of them. When Microsoft published this particular advisory, the patch that fixed the problem (MS00-057) had already been released two months prior.

With this bug, if you knew the layout of a Microsoft file system -- which folders appear where -- you could send a command to a Web server that essentially gave you total control.

As anyone who has spent any time using a Windows computer will tell you, it's not hard to find your way around the hard drive. Documents go in a particular folder path; most applications are put in another folder path; and so on.

By using dots and backslashes (or their respective unicode representations) in the URL, this bug allowed you to navigate up and down the file system and execute commands, just by knowing a few simple rules and how Windows organizes itself. While account permissions for IIS are somewhat limited, a related exploit helped escalate privileges, giving remote users the ability to do whatever they wanted to with Windows servers simply by sending a few URLs.

"Originally found as an anonymous post in the PacketStorm forums, this resulted in nearly two straight years of mass ownage against Windows web servers," Moore writes.

Upshot: Directory traversal opened up a new world for automated attacks that merely had to call a particular URL to do their dirty work.

Code Red: Deadly bug, disgusting soda

Bug identifier: MS01-033

Description: Unchecked buffer in index server ISAPI (Internet Server API) extension could enable Web server compromise

Alias: The Code Red bug

Date published: June 18, 2001

What happens when you send a ton of data at a Microsoft Web server? If it was the summer of 2001, well, you owned the network. At least that's what happened a little more than a month after Microsoft released this obscure-sounding patch for IIS Web servers.

The nature of the bug was simple: Take an IIS server, invoke a buffer overflow, and commands spill into other parts of system memory. Because the commands were issued in the context of the system itself, the bug opened up for exploitation virtually all aspects of the server's operation.

And exploitation happened, all right, on a scale that hadn't been seen before.

On the afternoon of Friday, July 13, 2001, security engineers at eEye Digital Security received reports of a worm that was spreading rapidly through its customers' networks. Fueled by a limited edition, crimson, caffeinated, high-fructose corn syrup-based beverage, Mark Maiffret and Ryan Permeh spent a weekend reverse-engineering the worm, and alerted the world to its presence.

What the worm did was probe vulnerable IIS servers, infect them, and create 100 threads of itself, which then spread to other computers. If the date was between the 20th of the month and the end of the month, it would attempt to spew data at www.whitehouse.gov. Permeh and Maiffret estimated that the worm could infect approximately 500,000 unique IP addresses per day.

Upshot: Code Red really drove home the importance of patching bugs soon after Microsoft released the patch, because the patches themselves give malware authors clues to exactly where they should look for new vulnerabilities.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Windows Vistawindows xpWindows 2000windows 98

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

InfoWorld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?