[thelist] [OT] Web Server Worm Infects 12,000 Web Servers
Judah McAuley
judah at wiredotter.com
Thu Jul 19 14:41:24 CDT 2001
At 12:05 PM 7/19/2001 -0700, Anthony wrote:
>You are correct in saying that security should be important to the admin.
>However, if you regularly visit the appropriate MS Page for NT Critical
>updates this patch is not listed on the page.
>
>http://www.microsoft.com/ntserver/nts/downloads/default.asp
>
>In fact this page has not been updated since May. ;-(
>
>Not that this is the only route to the critical update information - it
>still sucks that it's behind and out of date.
I would certainly agree with you that Microsoft's security updates are
generally lacking. In this case, however, the file was listed as a
critical update for W2K and not for NT 4 because it only affects the Index
Server on NT 4 (not installed by default) but affects the Index Service
under W2K (installed by default). Therefore I guess they deemed it
critical for 2K, but not for NT because NT users would have to manually
install it from the Option Pack.
That being said, the vulnerability should have come up because admins
should remove any script mappings that they don't use (like .ida (Internet
Data Administration) and .idq (Internet Data Query)). In the same manner,
how many people use Web-based access to printers through IIS? Anyone who
doesn't should remove the mapping. That way they wouldn't have been
vulnerable when that .dll was exploited. Of course, in that particular
case, Windows reinstalls the mapping without telling you.
As much as I rag on Admins for not keeping up with fixes and being
proactive about removing things they don't use, I must admit that the
fundamental problem is that Microsoft doesn't give a rat's ass about
secure coding practices. Hackers have tools for scanning DLLs for
buffer overrun conditions, why doesn't Microsoft use them *before* they
ship a product? The answer: security isn't cost effective for them
yet. And that pisses me off to no end. And I still have to use their
products.
*sigh*
Judah
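The advice above (remove the .ida, .idq and .printer script mappings you don't use) raises a practical question: how do you know which mappings your site actually uses, and whether anything is hitting the ones you meant to drop? The following is an added example, not code from the original post: it audits IIS W3C extended log lines for requests to script-mapped extensions. The log lines are constructed, the extension list is the one from the thread, and `in_use` is the admin's own declaration of which mappings the site legitimately needs.

```python
"""Audit IIS W3C extended logs for requests that hit script-mapped
extensions (.ida/.idq from Index Server, .printer from Internet Printing)
so unused mappings can be removed and hits on mappings that should already
be gone can be investigated."""
from urllib.parse import unquote
import posixpath

# Script-mapped extensions discussed in the thread (admin-maintained list).
DEFAULT_MAPPINGS = (".ida", ".idq", ".printer")

# Constructed sample of IIS 5.0 W3C extended log lines, not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-07-19 14:00:01 10.0.0.5 GET /default.htm - 200
2001-07-19 14:00:02 10.0.0.5 GET /images/logo.gif - 200
2001-07-19 14:00:09 192.0.2.77 GET /default.ida x 200
2001-07-19 14:00:10 192.0.2.77 GET /DEFAULT.IDA x 200
2001-07-19 14:01:33 10.0.0.9 GET /search/query.idq CiRestriction=budget 200
2001-07-19 14:02:00 198.51.100.3 GET /printers/x.printer - 404
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field names follow the tag
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def mapping_usage(text, mappings=DEFAULT_MAPPINGS):
    """Return {ext: {"hits": n, "clients": set}} for each mapped extension."""
    usage = {ext: {"hits": 0, "clients": set()} for ext in mappings}
    for rec in parse_w3c(text):
        stem = unquote(rec.get("cs-uri-stem", ""))
        ext = posixpath.splitext(stem)[1].lower()  # IIS maps case-insensitively
        if ext in usage:
            usage[ext]["hits"] += 1
            usage[ext]["clients"].add(rec.get("c-ip", "?"))
    return usage

def unexpected_hits(usage, in_use):
    """Clients that requested mappings the admin says the site does not use:
    each one is either a mapping still to be removed or a probe to look at."""
    return {ext: u["clients"] for ext, u in usage.items()
            if ext not in in_use and u["hits"]}

if __name__ == "__main__":
    usage = mapping_usage(SAMPLE_LOG)
    print(unexpected_hits(usage, in_use={".idq"}))
```

Re-run the audit after applying patches or service packs, since (as the post notes) the printer mapping can come back without warning.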