-----Original Message-----
From: Roeland Meyer [mailto:rmeyer@mhsc.com]
Sent: Friday, August 10, 2001 11:22 AM
To: 'up@3.am'; nanog@merit.edu
Subject: RE: Code Red 2 cleanup; reporting..

From: up@3.am [mailto:up@3.am]
Sent: Friday, August 10, 2001 8:09 AM
On Fri, 10 Aug 2001, Roeland Meyer wrote:
Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate much of the IIS stuff into DLLs with other system critical stuff. As a result, IIS can't be completely removed without killing off other critical functions. Yes, what they proved in court is even more true with Win2K than with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth either). WinXP is even more in that direction, from all reports.
I admit to knowing very little about Win2k, but on the only box I've installed Win2k on, it doesn't *appear* to be running:
Port    State     Protocol  Service
135     open      tcp       loc-srv
139     filtered  tcp       netbios-ssn
445     open      tcp       microsoft-ds
1025    open      tcp       list
...unless it runs on one of those 3 other open ports? This was Win2k Client, not server, BTW...perhaps you mean every Win2k Server?
Win2k Professional can run IIS. Go to Add/Remove Programs --> Add/Remove Windows Components --> IIS. You probably did not select the component on the install. So I guess that means that not every w2k box is vulnerable.

Tim
participants (1)
-
Tim Devries