A quick skim through the bulletin tells me that someone *could* write a worm that incorporates that vulnerability, but I haven't seen any attempts in my httpd logs... On Mon, 6 Aug 2001, Seth M. Kusiak wrote:
Perhaps I should explain a bit more:
This is a known exploit (http://www.microsoft.com/technet/security/bulletin/ms01-023.asp) however I saw many requests from multiple IP's. I thought that this was odd to see so many in such a short time. I thought that maybe another worm was on the loose.
~Seth
Seth M. Kusiak writes:
I'm seeing this. Anyone else?
-------------------------------------------------------------------------- 2001-08-05 22:11:37 <Client IP> - <Server IP> 80 GET /NULL.printer - 302 0 315 2365 0 3À°Ø@`3Û³$Ãÿàë¹1j - - - --------------------------------------------------------------------------
-- Bob <melange@yip.org> | Yes. I know. That is, indeed, *not* mayonnaise.