RED-CODE WORM PATCH possibly not working ????

From: tigerblue (tigerblueat_private)
Date: Fri Jul 20 2001 - 05:36:15 PDT

Next message: Jerome Alet: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."

Previous message: Bugtraq Account: "Origin of Code Red worm?"
Next in thread: Steve Halford: "RE: RED-CODE WORM PATCH possibly not working ????"
Reply: Steve Halford: "RE: RED-CODE WORM PATCH possibly not working ????"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

i have got some IIS4-and some IIS5-servers. I was checking the logfiles =
to get a short info about the red-code worm. The IIS4-servers were =
respondig to the get default.ida with a http 40x code, but the IIS5 on =
w2k machines were all responding with an http 200 code. Hmmm strange =
=B4cause all the servers have been patched in the last month against =
this idq-vulnerability (MS01-033).

I=B4m really a wondering, is it normal, that the w2k servers reponding =
with an 200-Code or is mabe the patch not working at all... does anybody =
had this effect ????

best regards

tigerblue

MCSE systemadministration

Next message: Jerome Alet: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
Previous message: Bugtraq Account: "Origin of Code Red worm?"
Next in thread: Steve Halford: "RE: RED-CODE WORM PATCH possibly not working ????"
Reply: Steve Halford: "RE: RED-CODE WORM PATCH possibly not working ????"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 14:53:55 PDT