HP3000-L Archives

July 2001, Week 5

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: A real threat, it appears
From:
"Steve Dirickson (Volt)" <[log in to unmask]>
Reply To:
Steve Dirickson (Volt)
Date:
Tue, 31 Jul 2001 16:58:22 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (19 lines) 
> >From what I've read of the CERT reports, the
> "Code Red" virus attacks specific vulnerabilities
> in the NT and W/2K IIS systems.  Does that mean, like
> Bruce queries, that NT is intrinsically vulnerable?
>
> No, it just means some doofus at MS left a big
> gaping hole somewhere that needed to be plugged.

FWIW, the actual vulnerability is an unchecked buffer in the Indexing
Service component, not in IIS itself. Unlike NT4, Win2K's default
installation does *not* install the Indexing Service, so people who
installed Win2K without asking for the Indexing Service component are
not vulnerable to this particular attack. Likewise, you can safely (with
respect to Code Red anyway ;-) leave IIS running if you turn off the
Indexing Service. Though it might be easier to just install the patch.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2