Microsoft support

From: Ralph Mellor (ralphat_private)
Date: Tue Aug 07 2001 - 14:01:10 PDT


    From another list:
    
    > >A friend of mine sent me a copy of a message from
    > >his company's security team about Code Red.  The
    > >message includes:
    > >
    > >"If you have Microsoft XP operating system, please
    > >physically disconnect the network cable from your PC.
    > >Microsoft does not support XP operating system and
    > >does not have a patch for IIS at this time"
    
    From MS's CR bulletin:
    
    "If you are using Windows 95, Windows 98, Windows Me,
    Windows XP RC1 or later, or Windows .NET Server build
    3505 or later, there is no action that you need to take in
    response to this alert."
    
    --------------------------
    
    Microsoft's CURRENT (Aug 7, 4pm cst) CR bulletin, as
    linked from their home page, says:
    
        What To Do If You Are Vulnerable?
    
        a. To rid your machine of the current worm, reboot your computer. 
        b. To protect your system from re-infection: Install the patch as
        specified in the instructions. 
    
    This simply ignores the backdoor that CRII installs. Frankly that's
    better than Symantec's half-baked CRII solution. At least MS can
    come back later and say, "oops, it's worse, there's this CRII out
    there and you need to wipe your PC". But I have to wonder if they
    will and I have to be suspicious that the reason for delay is to see
    how bad the post-CRII remodelling looks. *Much* better for them
    to ignore it if it's less than, say, 10,000 remodelled machines,
    because that's fairly invisible.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:13:07 PDT