Effects 

MS09-020 is not categorized as virus, worm, Trojan or backdoor. It is a group of important vulnerabilities in Internet Information Services, which allows local privilege escalation in the vulnerable computer.

The affected components are:

• Internet Information Services 5.0 on Windows 2000.
• Internet Information Services 5.1 on Windows XP.
• Internet Information Services 6.0 on Windows 2003/XP.

The addressed vulnerabilities are:

• IIS 5.0 WebDAV Authentication Bypass vulnerability.
• IIS 5.1 and 6.0 WebDAV Authentication Bypass vulnerability.

These vulnerabilities occur because the WebDAV extension does not properly decode a specially crafted requested URL.

WebDAV (Web Distributed Authoring and Versioning) is an extension to the HTTP protocol that defines how file functions such as copy, move, create and delete are performed by a computer using HTTP.

If exploited successfully, MS09-020 allows to gain unauthorized privileges on a computer or network. An example of privilege elevation would be an unprivileged user who could manage to be added to the Administrator's group. In such case, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

This vulnerability is exploited by running a specially crafted HTTP request to a website that requires authentication.

If you have any of the vulnerable components installed on your computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.