Hello Rick,
Seen this post from MS IIS Newsgroup? Figured it out? They've tweeked that
patch! So, initial patching was questionable at best. That's why most of us
let these patches and hotfixes sit for a few weeks. (i.e. - Imail 7.02
Hotfix 1) (or was it 2.35887 :-)
David
>just FYI
>
>I have confirmed that two systems which had previously had these patches
>applied still suffered from the problem (IIS shutdown) but that neither
>system has 'root.exe' or the seced file on them.
>
>in both cases:
>reapply NT SP 6a
>reapply Q295534i.exe & Q300972i.exe
>has rectified the problem.
>
>I am concerned however that, due to previous application of same patches, I
>am still at risk. comment ?
>
>Aaron Klein wrote in message <#LcEw5IEBHA.1400@tkmsftngp05>...
>>I would re-apply them to make sure. Several folks have done that and the
>>problem resolves itself.
----- Original Message -----
From: "Rick Davidson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 20, 2001 10:20 AM
Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
> this exploit is over a month old and the patch is a month old as well,
> anybody who was affected deserved it. Take responsibility for your
systems.
>
> Sign up for NTBUGTRAQ and the MS security lists and you will know about
this
> stuff within hours not a after its too late.
>
> http://www.ntbugtraq.com/
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/notify.asp
>
> Sorry to rant but sheesh,
> Rick Davidson
> Systems Administrator
> Buckeye Internet Services, Ltd.
> The cool thing about technology is that it keeps getting cooler.
> - #3
>
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
