Microsoft Security Bulletin MS03-007
Unchecked Buffer In Windows Component Could Cause Web Server Compromise (815021)
Some hole in WebDav that could be exploited, so patch up. But wait! What is kinda of interesting is that you could hose your machine by doing so. If you expand out the "Additional information about this patch" you'll find out that "Versions of ntoskrnl.exe between 5.0.2195.4797 and 5.0.2195.4928 (inclusive) are not compatible with this patch." "If the patch for this issue is installed on a system with one of these versions of ntoskrnl.exe, the machine will fail on the first reboot with a Stop 0x00000071 message and will have to be recovered using the Windows 2000 recovery console." Well, "These versions were only distributed with Product Support Services hotfixes." I barely noticed that little bit of info, just thought it was interesting. Since this is one of those "zero day" flaws, there are people out there already being affected (the Army being one of the targets you see mentioned). I'd assume there are going to be some admins jumping on this patch perhaps a little too quick.
On a related note, can someone point me towards some info on the /gc type stuff in Windows 2003 Server? From what I understand, things like this and the SQL Slammer worm do not affect the server. But what exactly happens when an exploit tries to run? I guess it would just fail, but it seems like the unexpected failure could also be trouble for the server. Why don't you see more hype about this? Are they unsure of the technology?