From: David Lesher [mailto:wb8foz@nrk.com] Sent: Sunday, August 12, 2001 5:46 AM
Unnamed Administration sources reported that mike harrison said:
Turns out that because they had not installed IIS, they did not patch the system....
Then when they installed Citrix, it installed IIS.
After looking around, it seems a LOT of 'other' software installs IIS when no-one is looking.
Like Front Page ;-?
Isn't it nice that M$ is so helpful?
I think that the point's been well-made now. Win2Kpro hosts need to run the patches, regardless of whether or not anyone *thinks* that host is running IIS and regardless of any nit-picky arguments against the need. NetAdmins should quit whining and do their jobs. I still LOVE this sig-line....
-- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
Interestingly enough it seems Microsoft's patch creates a DOS against IIS servers that redirect requests: http://www.incidents.org/diary/diary.php#801 We were seeing IIS crash on a CodeRed patched NT box over the last few weeks. It turns out to be caused by the combination of CodeRed and Microsoft's patch. Changing the redirect behavior of the server seems to have fixed it. Given the way IIS crashes I wouldn't be too surprised to find out that there is another buffer overrun somewhere in either the patch or the redirect code. Mark Radabaugh Amplex (419) 833-3635
participants (2)
-
Mark Radabaugh - Amplex
-
Roeland Meyer