Re: Code Red patch issue?

From: Tom Le (tom@dottom.com)
Date: 08/10/01


Date: Fri, 10 Aug 2001 10:03:57 -0800 (Pacific Standard Time)
From: Tom Le <tom@dottom.com>
To: SECURITY-BASICS@securityfocus.com
Subject: Re: Code Red patch issue?
Message-ID: <20010810170357296.AAA1572@papasmurf.dottom.com@mail.dottom.com>

I've got a dozen NT 4.0/IIS 4.0/SP5 boxes in production that I do not
dare risk applying SP6A. I tried SP6 when it first came out and had
nightmares. MSFT claims 6A has no problems but I've talked to others
who have had problems.

My problem is I cannot apply the patch with SP5 (a very stable SP, btw).
But I checked my IIS mappings and since I never installed Index Server
I'm fine.

The problem is should I ever need Index Server (or some other service
that requires a vulernable ISAPI component), I may have no choice but
to upgrade.

I can't believe MSFT didn't release patches for different SP levels...

BTW, does anyone else think as I do that this whole Code Red thing was
a GREAT thing? I can image a much worse virus-worm that would stunned
the computing world. Now many vulnerable servers are fixed and other
virus-worms hitting the street won't infect nearly as many servers.
Of course, there's always the next great MSFT vulnerability lurking
around the corner...

>----- Original Message -----
>From: "Cynthia Thorpe" <cthorpe07@hotmail.com>
>To: <SECURITY-BASICS@securityfocus.com>
>Sent: Tuesday, August 07, 2001 9:22 AM
>Subject: Code Red patch issue?
>
>
> Hi,
> I'm new to the list - and have an issue that I'm hoping someone can
> assist with. My company is small - and has combined a number of
applications
> on just a few servers. We have Exchange 5.5 (running Outlook web access)
> SP4, and Citrix Terminal Server (NT SP4 for Terminal Server) running on
the
> same box. Yes, I know that this isn't great - but it's how they have to
run
> at the moment. The Code Red patch fails to install - stating that it can't
> install on a Terminal Server PC. Does anyone have any ideas on how to
> safeguard this server from the virus?
>
> Thanks,
>
> Cynthia