| Information on Code Blue Worm We’ve received a number of queries from customers regarding a newly reported worm called Code Blue. Although there are no indications at present that the worm is widespread in the wild, customers can easily protect their systems against it. www.tartoos.com The worm infects systems by exploiting the security vulnerability discussed in Microsoft Security Bulletin MS00-078. This bulletin, which was released almost a year ago, provides a patch that completely eliminates the vulnerability. Systems that have the patch installed are not at risk from the worm.www.tartoos.com The fix for the vulnerability has been included in several subsequent releases. Specifically, systems that have any of the following installed are at no risk from the vulnerability, or the Code Blue worm: - The patch provided in Microsoft Security Bulletin MS00-086. - The cumulative patch for IIS provided in Microsoft Security Bulletin MS00-026. - The cumulative patch for IIS provided in Microsoft Security Bulletin MS00-044. - Windows 2000 Service Pack 2. - The Windows NT 4.0 Security Roll-up Patch. Microsoft recently released a free tool called HFNetChk that makes it easy to ensure that your systems are up to date on all security patches. The tool is available for download at http://www.microsoft.com/technet/security/tools/hfnetchk.mspx. www.tartoos.com More information on the Code Blue worm is available at http://www.sarc.com/avcenter/venc/data/w32.bluecode.worm.html. |