Important Information for IIS 4.0 Server Administrators Regarding
the Code Red Worm

Several recent reports have noted that the Code Red
worm can in some cases cause IIS 4.0 servers to fail even if the patch
provided in Microsoft Security Bulletin
MS01-033 has been applied. Microsoft has
investigated these reports and found that this does occur in some cases.
Although the investigation is continuing, we’d like to provide the
information we have at this time, and advise our customers of the steps
we’re taking.

Some of the reports
claim that the situation occurs because of a flaw in the patch we provided
in Microsoft Security Bulletin
MS01-033. This is incorrect. The patch
completely eliminates the vulnerability discussed in the security
bulletin, and fully protects IIS 4.0 and IIS 5.0 systems from being
infected by the Code Red worm.

The problem arises because of an unrelated, and
previously unknown, denial of service vulnerability affecting IIS 4.0
servers in non-default configurations. When IIS 4.0 is configured to
perform URL redirection, a particular type of malformed request can cause
the service to fail. As it happens, the Code Red worm generates exactly
these types of requests when it tries to infect new machines. The patch
provided in
MS01-033 causes the requests to be treated as
invalid, which prevents the infection. However, if URL redirection is
enabled, the rejected requests then exploit the newly discovered denial of
service vulnerability.

Microsoft has developed a patch, MS01-044, that eliminates the denial of
service vulnerability. This patch also contains the Code Red fix
(MS01-033) and is a cumulative rollup of all previous IIS patches.
Customers are urged to apply this new patch to fully protect themselves
against all known Code Red issues, as well as all known IIS issues.
Information on the patch is available in the bulletin at:
http://www.microsoft.com/technet/security/bulletin/ms01-044.mspx

It’s important to note that IIS 5.0 systems are not affected by the newly
discovered vulnerability, and IIS 4.0 systems are only affected if they
are configured to perform URL redirection. (This is not the default
configuration.) Until the patch is available, customers who are affected
by this new vulnerability can protect their systems by disabling URL
redirection.

Note: New tools are available to help you ensure that your individual
workstation or all the computers on your network are up to date on all
security patches for Windows NT 4.0, Windows 2000, IIS 4.0, IIS 5.0, IE,
and SQL Server.