Yep, fair enough, I removed the mappings to the afffected dll thus
eliminating any further faulty MS coding issues.
I agree 100% with you on the hot fixes, I do the same except in a situation
as serious as MS01-033. It would be prudent to do the initial fix and then
follow the issue. The actual code is very elementary, I have a real good IIS
log file showing exactly what the worm did. If anyone would like a copy
email me directly at [EMAIL PROTECTED] and i will send it to you.
The problem IMHO is the fact that the exploits are made public to the
vendors and the exploiters at the same time. The script kiddies arent gonna
wait around to see if the patch is going to be effective or not.
Rick Davidson
Systems Administrator
Buckeye Internet Services, Ltd.
The cool thing about technology is that it keeps getting cooler.
- #3
----- Original Message -----
From: "David Setzer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 20, 2001 2:44 PM
Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
> Hello Rick,
>
> Seen this post from MS IIS Newsgroup? Figured it out? They've tweeked that
> patch! So, initial patching was questionable at best. That's why most of
us
> let these patches and hotfixes sit for a few weeks. (i.e. - Imail 7.02
> Hotfix 1) (or was it 2.35887 :-)
>
> David
>
>
> >just FYI
> >
> >I have confirmed that two systems which had previously had these patches
> >applied still suffered from the problem (IIS shutdown) but that neither
> >system has 'root.exe' or the seced file on them.
> >
> >in both cases:
> >reapply NT SP 6a
> >reapply Q295534i.exe & Q300972i.exe
> >has rectified the problem.
> >
> >I am concerned however that, due to previous application of same patches,
I
> >am still at risk. comment ?
> >
> >Aaron Klein wrote in message <#LcEw5IEBHA.1400@tkmsftngp05>...
> >>I would re-apply them to make sure. Several folks have done that and the
> >>problem resolves itself.
>
> ----- Original Message -----
> From: "Rick Davidson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 20, 2001 10:20 AM
> Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
>
>
> > this exploit is over a month old and the patch is a month old as well,
> > anybody who was affected deserved it. Take responsibility for your
> systems.
> >
> > Sign up for NTBUGTRAQ and the MS security lists and you will know about
> this
> > stuff within hours not a after its too late.
> >
> > http://www.ntbugtraq.com/
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> > bulletin/notify.asp
> >
> > Sorry to rant but sheesh,
> > Rick Davidson
> > Systems Administrator
> > Buckeye Internet Services, Ltd.
> > The cool thing about technology is that it keeps getting cooler.
> > - #3
> >
> >
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
> > An Archive of this list is available at:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
