Security Incidents mailing list archives
Re: RED-CODE WORM PATCH possibly not working ????
From: "fyom" <fyom () symmsys com>
Date: Fri, 20 Jul 2001 18:17:44 -0400
Hi, I have the exact same issue for IIS5. I installed Q300972 last month, but saw the 200 http result codes for the .ida attacks. I re-ran my install of Q300972, but I still see the 200 result codes. I want to hedge this by saying that it does not appear that my IIS5 servers have been penetrated. The patch seems to be working but I get that unsettling 200 http result code. -Francis ----- Original Message ----- From: "tigerblue" <tigerblue () puzzleapuma de> To: <bugtraq () securityfocus com> Sent: Friday, July 20, 2001 8:36 AM Subject: RED-CODE WORM PATCH possibly not working ????
Hi, i have got some IIS4-and some IIS5-servers. I was checking the logfiles = to get a short info about the red-code worm. The IIS4-servers were = respondig to the get default.ida with a http 40x code, but the IIS5 on = w2k machines were all responding with an http 200 code. Hmmm strange = =B4cause all the servers have been patched in the last month against = this idq-vulnerability (MS01-033). I=B4m really a wondering, is it normal, that the w2k servers reponding = with an 200-Code or is mabe the patch not working at all... does anybody = had this effect ???? best regards tigerblue MCSE systemadministration
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: RED-CODE WORM PATCH possibly not working ???? fyom (Jul 21)