Re: RED-CODE WORM PATCH possibly not working ????

From: fyom (fyomat_private)
Date: Fri Jul 20 2001 - 15:17:44 PDT

  • Next message: David Bernick: "ANOTHER possible Windows problem?"

    Hi,
    
    I have the exact same issue for IIS5.  I installed Q300972 last month, but
    saw the 200 http result codes for the .ida attacks.  I re-ran my install of
    Q300972, but I still see the 200 result codes.
    
    I want to hedge this by saying that it does not appear that my IIS5 servers
    have been penetrated.  The patch seems to be working but I get that
    unsettling 200 http result code.
    
    -Francis
    
    
    ----- Original Message -----
    From: "tigerblue" <tigerblueat_private>
    To: <bugtraqat_private>
    Sent: Friday, July 20, 2001 8:36 AM
    Subject: RED-CODE WORM PATCH possibly not working ????
    
    
    >
    >
    > Hi,
    >
    > i have got some IIS4-and some IIS5-servers. I was checking the logfiles =
    > to get a short info about the red-code worm. The IIS4-servers were =
    > respondig to the get default.ida with a http 40x code, but the IIS5 on =
    > w2k machines were all responding with an http 200 code. Hmmm strange =
    > =B4cause all the servers have been patched in the last month against =
    > this idq-vulnerability (MS01-033).
    >
    > I=B4m really a wondering, is it normal, that the w2k servers reponding =
    > with an 200-Code or is mabe the patch not working at all... does anybody =
    > had this effect ????
    >
    > best regards
    >
    > tigerblue
    >
    > MCSE systemadministration
    >
    >
    >
    >
    >
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sat Jul 21 2001 - 14:44:43 PDT