You must apply the MS Hotfix for IIS Web Traversal vulenerability (Q269862). It is not included in SP6a and is needed to block the described exploit (asdmind/IIS Worm). regards, Mike S -----Original Message----- From: Hugo van der Kooij [mailto:hvdkooijat_private] Sent: Wednesday, May 09, 2001 2:05 AM To: INCIDENTSat_private Subject: Re: IIS Exploit... On Tue, 8 May 2001, Chris Hobbs wrote: > Moral of the story: I upgraded to SP6A on this NT4 box 10 days ago. > Running IIS 4.0 still. I assumed that SP's applied patches to the web > server as well as the OS - either this isn't the case, or something new > developed in those last 10 days. Soma issues are patched. But if you check their advisories you know you don't get them all unless you keep up by fixing them manually as they are released. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
This archive was generated by hypermail 2b30 : Thu May 10 2001 - 19:21:38 PDT