Description
An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.
Remediation
Workaround #1: Turn off WebDAV
Turning off WebDAV might be a good option if you are not using it or can live without it until a security update is available. You can find instructions at http://support.microsoft.com/kb/241520.
Workaround #2: Change filesystem ACLs to deny access to IUSR_[MachineName]
Remember that there are two levels of permissions for files served by IIS. First, the user must be granted access by the NTFS file system and only then are the permissions in the IIS metabase checked. If you deny access to the web-server anonymous account (IUSR_[MachineName]), the access check bypassed by this vulnerability will not be reached. You can find instructions for hardening file system permissions on a web-server at http://support.microsoft.com/kb/271071.
Workaround #3: Use URLScan to block malicious requests.
URLScan helps protect affected systems from attempts to exploit this vulnerability. You can find instructions for deploying URLScan at http://technet.microsoft.com/en-us/security/cc242650.aspx.
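As an added example (not part of the original advisory), the following PowerShell audits the NTFS ACL of a directory that is supposed to require authentication and reports whether the IIS anonymous account is explicitly denied, explicitly allowed, or simply unmentioned; the -Fix switch adds the inheritable Deny entry that Workaround #2 describes. The path C:\inetpub\wwwroot\secure and the IUSR_$env:COMPUTERNAME account name are assumptions to adjust for your server.

```powershell
# Added example, not the advisory's own code. Checks whether the IIS anonymous account
# can pass the NTFS check on a directory that should require authentication (Workaround #2).
param(
    [string]$ProtectedPath    = 'C:\inetpub\wwwroot\secure',   # assumed placeholder path
    [string]$AnonymousAccount = "IUSR_$env:COMPUTERNAME",      # assumed IIS anonymous account name
    [switch]$Fix
)

function Get-AnonymousAccess {
    param([string]$Path, [string]$Account)
    $acl = Get-Acl -Path $Path
    # Keep only the ACEs that name the anonymous account directly (MACHINE\IUSR_... or bare name)
    $aces = $acl.Access | Where-Object {
        $_.IdentityReference.Value -like "*\$Account" -or $_.IdentityReference.Value -eq $Account
    }
    [pscustomobject]@{
        Path    = $Path
        Allowed = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })
        Denied  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })
    }
}

$result = Get-AnonymousAccess -Path $ProtectedPath -Account $AnonymousAccount
if ($result.Denied.Count -gt 0) {
    Write-Output "$ProtectedPath : explicit Deny for $AnonymousAccount present; the NTFS check stops anonymous access before the IIS permission check is reached."
} elseif ($result.Allowed.Count -gt 0) {
    Write-Warning "$ProtectedPath : $AnonymousAccount is explicitly allowed; if the IIS authentication check is bypassed, this directory is readable anonymously."
} else {
    # No direct ACE does not mean no access: the anonymous account can still be granted rights
    # through group membership (for example Users or Guests), so an explicit Deny is the safe state.
    Write-Warning "$ProtectedPath : no explicit ACE for $AnonymousAccount; access may still be granted through group membership."
}

if ($Fix) {
    # Workaround #2: add an inheritable Deny ACE so the anonymous account fails the NTFS check.
    # A Deny ACE takes precedence over any Allow the account inherits via groups.
    $acl  = Get-Acl -Path $ProtectedPath
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $AnonymousAccount, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $ProtectedPath -AclObject $acl
    Write-Output "Added inheritable Deny ACE for $AnonymousAccount on $ProtectedPath."
}
```

Run it first without -Fix to see the current state of each protected directory; apply -Fix only to locations that are meant to require authentication, since denying the anonymous account on the whole web root would also block legitimate anonymous content.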