On Friday, July 20, 2001 5:36 tigerblue wrote > > > i have got some IIS4-and some IIS5-servers. I was checking the logfiles = > to get a short info about the red-code worm. The IIS4-servers were = > respondig to the get default.ida with a http 40x code, but the IIS5 on = > w2k machines were all responding with an http 200 code. Hmmm strange = > =B4cause all the servers have been patched in the last month against = > this idq-vulnerability (MS01-033). > > I=B4m really a wondering, is it normal, that the w2k servers reponding = > with an 200-Code or is mabe the patch not working at all... does anybody = > had this effect ???? The 404 code will return only when you have ida mapping disabled. The patch fixes the buffer overrun problem; it does not disable the mapping. To test for whether the patch is applied, you should look at the file date of the idq.dll; if it is 5/24/2001, the patch has been applied. Steve Halford shalfordat_private
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 15:29:28 PDT