Re: Code Red patch issue?

From: Michael J. Cannon (mcannon@ubiquicomm.com)
Date: 08/08/01


Message-ID: <001c01c12046$a9034d50$26389418@scooby>
From: "Michael J. Cannon" <mcannon@ubiquicomm.com>
To: "Michael J. Cannon" <mcannon@ubiquicomm.com>, "Cynthia Thorpe" <cthorpe07@hotmail.com>, <SECURITY-BASICS@securityfocus.com>
Subject: Re: Code Red patch issue?
Date: Wed, 8 Aug 2001 15:13:59 -0500

Sorry to be so pessimistic. This is MUCH worse than MELISSA or ILY
'emergencies.'

Here's an article from SecurityFocus.com that MAY offer some help (i.e.
securing an inherently insecure platform when patching is not an option):

http://www.securityfocus.com/frames/?focus=ids&content=/focus/ids/articles/hogwash.html

I'm using hogwash at 3 of 9 sites pretty well...it seems to work in a pinch
and actually offers some interesting alternative hardening strategies.

Michael J. Cannon
----- Original Message -----
From: "Michael J. Cannon" <mcannon@ubiquicomm.com>
To: "Cynthia Thorpe" <cthorpe07@hotmail.com>;
<SECURITY-BASICS@securityfocus.com>
Sent: Wednesday, August 08, 2001 2:47 PM
Subject: Re: Code Red patch issue?

> It'll be interesting to see if M$ responds, Cynthia. (They lurk here).
> PLEASE tell us how this resolves, if you get help offline (or email me
> directly and I'll add it to the NT4/IIS/ISAPI issues whitepaper I'm prepping
> for a coming conference).
>
> I've got 9 clients who were in the same boat. My advice to them?:
>
> -You're hosed. Microsoft has stymied you with their 'upgrades.'
> -Your only alternative (from the MS security site) is an upgrade to W2K TS,
> with possible upgrades to Exchange and the possible requirement to setup W2K
> AS on a separate box.
>
> Meanwhile, get your box off the net, because you're probably 'owned' by now
> and will need to clean the box. As soon as you do and put an unpatched box
> back on the net, with Indexing, ISAPI filters, or URL re-directs, (some of
> which are required by the Exchange Web Access and TS) enabled, you'll be
> re-infected. The current CR II and III install a back-door on the
> targeted box that gives anyone who knows how to take control of the box and
> (depending on your Enterprise security) your domain.
>
> The REALLY interesting thing here is why the SPs and patches don't work.
> Suffice to say, it's the fault of Microsoft's business model and enslavement
> to the share price of their stock. Despite what they say, their business
> model (that of universally hidden and proprietary code) is dead. Code Red
> and SirCAM and problems of customers such as yourself will simply accelerate
> it.
>
> Michael J. Cannon
> mailto:mcannon@ubiquicomm.com
>
>
> ----- Original Message -----
> From: "Cynthia Thorpe" <cthorpe07@hotmail.com>
> To: <SECURITY-BASICS@securityfocus.com>
> Sent: Tuesday, August 07, 2001 9:22 AM
> Subject: Code Red patch issue?
>
>
> > Hi,
> > I'm new to the list - and have an issue that I'm hoping someone can
> > assist with. My company is small - and has combined a number of applications
> > on just a few servers. We have Exchange 5.5 (running Outlook web access)
> > SP4, and Citrix Terminal Server (NT SP4 for Terminal Server) running on the
> > same box. Yes, I know that this isn't great - but it's how they have to run
> > at the moment. The Code Red patch fails to install - stating that it can't
> > install on a Terminal Server PC. Does anyone have any ideas on how to
> > safeguard this server from the virus?
> >
> > Thanks,
> >
> > Cynthia
>
>


