[thelist] [OT] Web Server Worm Infects 12,000 Web Servers
Anthony Baratta
Anthony at Baratta.com
Thu Jul 19 14:05:01 CDT 2001
At 10:54 AM 7/19/2001, you wrote:
>At 10:53 PM 7/18/2001 -0700, Christine wrote:
>> Just
>>reiterates my point that we have the best hosting provider in the world.
>>(www.superwebhost.com - Christine from protonic.com referred ya!) :)
>
>Not to be overly critical or anything, but this worm exploits a hole in
>IIS that was discovered quite some time ago. The patch that fixes the
>.ida vulnerability was released June 18th. Your host should never have
>been hit, because they should have patched their server a month ago. In
>my opinion, you should be asking them why they didn't apply the patch
>before the worm was an issue.
You are correct in saying that security should be important to the admin.
However, if you regularly visit the appropriate MS Page for NT Critical
updates this patch is not listed on the page.
http://www.microsoft.com/ntserver/nts/downloads/default.asp
In fact this page has not been updated since May. ;-(
Not that this is the only route to the critical update information - it
still sucks that it's behind and out of date.
----
Anthony Baratta
President
Keyboard Jockeys
More information about the thelist
mailing list