Paul Roub

A Software Tool Geek in His Natural Habitat

Vault/Fortress WebDAV Not Affected by the IIS WebDAV Vulnerability

You may have seen, or read reports of, Microsoft Security Advisory 971492 (Vulnerability in Internet Information Services Could Allow Elevation of Privilege), which details a potential security hole in IIS’s WebDAV service. And you may be aware that Vault 5 and Fortress 2 (both in beta now) offer WebDAV access to version control repositories.

You needn’t be concerned for your code’s security — even when running under IIS 6 (the version affected by this issue), Vault and Fortress do not use Microsoft’s WebDAV services. The code is completely separate, specific to Vault and Fortress, and doesn’t access the file system in the way that’s causing trouble for Microsoft.

So feel free to keep testing Beta 1 while we work on Beta 2, and keep the feedback coming in the Support Forums.