Re: Microsoft Security Bulletin MS03-007 - 815021

From: Jeff Cochran (jcochran.nospam@naplesgov.com)
Date: 03/18/03 

From: jcochran.nospam@naplesgov.com (Jeff Cochran)
Date: Tue, 18 Mar 2003 15:07:02 GMT

>Probably the greatest advice ever given
>http://www3.gartner.com/DisplayDocument?doc_cd=101034
>"Gartner recommends that enterprises hit by both Code Red and Nimda
>immediately investigate alternatives to IIS, including moving Web
>applications to Web server software from other vendors, such as iPlanet and
>Apache.

Which of course means Apache on NT/W2K, correct? Or is it BSD? Red
Hat? Debian? SuSe? AS/400? Solaris?

Of course, they are quite correct. Since organizations hit by Code
Red, who then got hit by Nimda by not patching the Code Red holes,
should move to a system their admins understand even less...

Jeff

Relevant Pages

  • Re: Microsoft Security Bulletin MS03-007 - 815021
    ... >"Gartner recommends that enterprises hit by both Code Red and Nimda ... >applications to Web server software from other vendors, ... Since organizations hit by Code ...
    (microsoft.public.win2000.security)
  • Re: NIMDA has a built in timer? No hits lately
    ... NIMDA has a built in timer? ... > not been touched since 19:15:10 UTC this afternoon. ... hit so far was at 23:48:31 UTC. ... infection spreading across netblocks will probably have used a different ...
    (Incidents)
  • Re: NIMDA - ceased ? -
    ... >>04:54, Dec. 23 UTC is the last access of them, around here. ... My latest hit was this morning, ... I believe that Nimda and Code Red are usually dormant at the end of every ... But I agree that many Nimda-like probes are probably script kiddies. ...
    (Incidents)
  • RE: Wave of Nimda-like hits this morning?
    ... AT&T tells me that they have blocked Code Red, CRII, and Nimda ... >upstream, but I still get this traffic 15 times a day or so. ... >I had one IP hit my machine, ...
    (Incidents)
Quantcast