A quick skim through the bulletin tells me that someone *could* write a worm that incorporates that vulnerability, but I haven't seen any attempts in my httpd logs... On Mon, 6 Aug 2001, Seth M. Kusiak wrote:

Perhaps I should explain a bit more:

This is a known exploit (http://www.microsoft.com/technet/security/bulletin/ms01-023.asp) however I saw many requests from multiple IP's. I thought that this was odd to see so many in such a short time. I thought that maybe another worm was on the loose.

~Seth

Seth M. Kusiak writes:

...

I'm seeing this. Anyone else?

-------------------------------------------------------------------------- 2001-08-05 22:11:37 <Client IP> - <Server IP> 80 GET /NULL.printer - 302 0 315 2365 0         3À°؋‹@`3Û³$Ãÿà빐1Œj - - - --------------------------------------------------------------------------

-- Bob <melange@yip.org> | Yes. I know. That is, indeed, *not* mayonnaise.