We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

The 8 most dangerous Windows vulnerabilities

The bugs that caused the most serious damage

Uncovering and exploiting Windows vulnerabilities has become as sport for many, and in a number of cases, even a career. We've rounded up a list of the worst Windows flaws we've endured since the introduction of Windows 98

Folder traversal: Total server control with a single URL

Bug identifier: MS00-078
Description: Web server folder traversal vulnerability
Alias: Directory traversal bug
Date published: October 17 2000

If there's one thing we've learned from the past decade of Microsoft patches, it's that not everyone keeps on top of them. When Microsoft published this particular advisory, the patch that fixed the problem (MS00-057) had already been released two months prior.

With this bug, if you knew the layout of a Microsoft file system - which folders appear where - you could send a command to a web server that essentially gave you total control.

As anyone who has spent any time using a Windows computer will tell you, it's not hard to find your way around the hard drive. Documents go in a particular folder path; most applications are put in another folder path; and so on. By using dots and backslashes (or their respective unicode representations) in the URL, this bug allowed you to navigate up and down the file system and execute commands, just by knowing a few simple rules and how Windows organises itself. While account permissions for IIS are somewhat limited, a related exploit helped escalate privileges, giving remote users the ability to do whatever they wanted to with Windows servers simply by sending a few URLs.

"Originally found as an anonymous post in the PacketStorm forums, this resulted in nearly two straight years of mass ownage against Windows web servers," Moore writes.

Upshot: Directory traversal opened up a new world for automated attacks that merely had to call a particular URL to do their dirty work.

NEXT PAGE: The Code Red bug

  1. These bugs caused serious damage
  2. Total server control with a single URL
  3. The Code Red bug
  4. The fastest infection ever
  5. The Blaster Worm bug
  6. The sassy bug with a lot of spunk
  7. Drive-by downloads
  8. The component that keeps on giving (headaches)

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews


IDG UK Sites

Moto G2 (2014) vs Moto E comparison review: New Moto G is worth the extra cash

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Oculus Rift 'Crescent Bay' prototype hands-on: it's an amazing experience

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...