North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Code Red 2 cleanup; reporting..
AFAIK ( Not that I'm a W2K expert ) W2K pro comes with IIS installed but but with the service disabled Unfortunately it seems that some SW installs enable IIS and/or the restore/recreate the .idq/.ida mappings without asking(or even notifying) (which is why removing those mappings isn't a replacement for the patch :-( ) - Rafi On Fri, 10 Aug 2001, Steven M. Bellovin wrote: > > In message <[email protected]>, Roeland Me > yer writes: > > > > >> So -- if he wasn't running IIS, what was he running? > > > >Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro > >or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate > >much of the IIS stuff into DLLs with other system critical stuff. As a > >result, IIS can't be completely removed without killing off other critical > >functions. Yes, what they proved in court is even more true with Win2K than > >with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth > >either). WinXP is even more in that direction, from all reports. > > I think you're confusing IIS with Internet Explorer. And Microsoft > denies that it's installed by default on Win2K Professional -- see > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp > XP Beta 2 does have IIS by default; XP RC1 and RC2 do not. > > I can't be sure they're telling the whole truth; I can tell you that > the two Win2K boxes I sometimes use are not listening to anything on > port 80. > > > > >BTW, is any motion happening, in the direction of finding the author(s)? I'd > >like to personally thank them, with a new neck-tie. The other end is > >attached to a huge California oak tree. > > > Not that I've heard. > > --Steve Bellovin, http://www.research.att.com/~smb > > >