me101 Veteran Posted July 20, 2001 Veteran Share Posted July 20, 2001 Oops... Microsoft should follow it's own advice as it seems that the Code Red worm has struck according to The Register. As previously reported, the worm attacks what's now called the .ida vulnerability, an unchecked buffer in the IIS Indexing Service ISAPI filter, which, if exploited, can yield system-level access to an intruder. The fact that the Windows Update site, which provides a portal to product updates and security patches along with advice on critical updates, wasn't itself up to date with the latest security patches is richly ironic. You can see the defacement here. A patch to guard against the .ida vulnerability has been available for over a month but the spread of the worm indicates sys admins have not woken up to the problem, even after the release of an attack script was released on 21 June by Japanese hacker HighSpeed Junkie. Code Red is not saved as a file, but injected and executed directly from memory. Patching the security hole in the system and rebooting will remove the worm and prevent further infection. Read more @ The Register As of a few mins ago, windowsupdate.microsoft.com was still unreachable, producing the following html page (or lack of it!), delivered this to to your browser (blank page) aong with another frame within (not displayed) about DHTML scripting technology etc... <pre><HTML></HTML></pre> Link to comment Share on other sites More sharing options...
Recommended Posts