North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Code Red 2 cleanup; reporting..

  • From: Tim Devries
  • Date: Fri Aug 10 11:28:21 2001

Title: RE: Code Red 2 cleanup; reporting..

-----Original Message-----
From: Roeland Meyer [mailto:[email protected]]
Sent: Friday, August 10, 2001 11:22 AM
To: '[email protected]'; [email protected]
Subject: RE: Code Red 2 cleanup; reporting..

> From: [email protected] [mailto:[email protected]]
> Sent: Friday, August 10, 2001 8:09 AM
> On Fri, 10 Aug 2001, Roeland Meyer wrote:
> > Win2K boxen are ALWAYS running IIS. It doesn't matter
> whether you have Pro
> > or Server. ALL Win2K systems need to run the patch. MSFT
> chose to integrate
> > much of the IIS stuff into DLLs with other system critical
> stuff. As a
> > result, IIS can't be completely removed without killing off
> other critical
> > functions. Yes, what they proved in court is even more true
> with Win2K than
> > with Win98 (Duh! MSFT didn't lie, but they didn't tell the
> whole truth
> > either). WinXP is even more in that direction, from all reports.
> I admit to knowing very little about Win2k, but on the only box I've
> installed Win2k on, it doesn't *appear* to be running:
> Port    State       Protocol  Service
> 135     open        tcp        loc-srv
> 139     filtered    tcp        netbios-ssn
> 445     open        tcp        microsoft-ds
> 1025    open        tcp        list
> ...unless it runs on one of those 3 other open ports?  This was Win2k
> Client, not server, BTW...perhaps you mean every Win2k Server?

Win2k proffesional can run IIS.  Goto add remove programs -->add/remove windows components ---> IIS.
You probably did not select the component on the install.
So I guess that means that not every w2k box is vulnerable.