Microsoft originally released this security bulletin on 17/03/2003. At that time, Microsoft was aware of a publicly available exploit that was being used to attack Windows 2000 Servers running IIS 5.0. The attack vector in this case was WebDAV although the underlying vulnerability was in a core operating system component, ntdll.dll. Microsoft issued a patch to protect Windows 2000 customers shortly afterwards, but also continued to investigate the underlying vulnerability. During the course of that investigation, Microsoft found that Windows NT 4.0 also contains the underlying vulnerability in ntdll.dll, however it does not support WebDAV & therefore the known exploit was not effective against Windows NT 4.0. In addition, Microsoft has recently been made aware of this vulnerability as well in Windows XP. However, like Windows NT 4.0, Windows XP does not install Internet Information Services (IIS) by default. Microsoft has now released patches for Windows NT 4.0 & Windows XP.

Affected Software:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP

Patch availability
Download locations for this patch.