"Code Red Worm" Coverage in System Scanner

From: CustomerRelations (bpq@iss.net)
Date: 08/01/01


Message-Id: <4.2.2.20010801174824.00a8b590@msgatl01.iss.net>
Date: Wed, 01 Aug 2001 17:49:10 -0400
To: xpress@iss.net



The Internet has recently been faced with the threat of a worm, dubbed
"Code Red". The worm exploits a vulnerability in unpatched versions of
Microsoft IIS (Internet Information Server). This vulnerability is detailed
in an ISS Security Alert dated July 30, 2001
(http://xforce.iss.net/alerts/advise89.php).

COVERAGE OF THIS VULNERABILITY IN SYSTEM SCANNER

This vulnerability is addressed by a check in the System Scanner 4.2
X-Press Update 3.01 released July 13, 2001. This XPU includes the check
MS01-033 'IIS idq.dll ISAPI extension buffer overflow' which detects if the
host system is vulnerable to the Code Red worm.

The check is included in the Initial-1, Maintenance-1 and IIS policies. The
check will report a vulnerability if the appropriate patch detailed in
Microsoft Security Bulletin MS01-033 has not been applied to IIS 4.0 or 5.0.

Questions, comments, or feedback?
Please email:
aeng@iss.net