North American Network Operators Group


Re: Code Red 2 cleanup; reporting..

  • From: Rafi Sadowsky
  • Date: Tue Aug 14 08:43:49 2001

 AFAIK ( Not that I'm a W2K expert )
W2K pro comes with IIS installed but with the service disabled

 Unfortunately it seems that some SW installs enable IIS and/or
restore/recreate the .idq/.ida mappings without asking (or even notifying)
(which is why removing those mappings isn't a replacement for the patch :-(  )

-	Rafi

On Fri, 10 Aug 2001, Steven M. Bellovin wrote:

>
> In message <[email protected]>, Roeland Meyer writes:
>
> >
> >> So -- if he wasn't running IIS, what was he running?
> >
> >Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro
> >or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate
> >much of the IIS stuff into DLLs with other system critical stuff. As a
> >result, IIS can't be completely removed without killing off other critical
> >functions. Yes, what they proved in court is even more true with Win2K than
> >with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth
> >either). WinXP is even more in that direction, from all reports.
>
> I think you're confusing IIS with Internet Explorer.  And Microsoft
> denies that it's installed by default on Win2K Professional -- see
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
> XP Beta 2 does have IIS by default; XP RC1 and RC2 do not.
>
> I can't be sure they're telling the whole truth; I can tell you that
> the two Win2K boxes I sometimes use are not listening to anything on
> port 80.
>
> >
> >BTW, is any motion happening, in the direction of finding the author(s)? I'd
> >like to personally thank them, with a new neck-tie. The other end is
> >attached to a huge California oak tree.
> >
> Not that I've heard.
>
> 		--Steve Bellovin, http://www.research.att.com/~smb
>
>
>