[unisog] [dc-sage] Code Red mutated? (fwd)

John Valenti valenti at msu.edu
Mon Aug 6 19:53:35 GMT 2001

At 02:04 PM 8/6/2001 -0500, Paul L Schmehl wrote:
>I happen to know the Microsoft security folks personally, and I can assure 
>you that they care deeply and are working very hard to improve.  But 
>they're fighting an uphill battle when their customers won't do their job.
>For example, the ISAPI vulnerability that Code Red exploits was patched 
>almost a full month prior to the first infection.  The relative path 
>exploit that the Code Red II worm uses to active its trojan was patched 
>over a year ago.
>If people won't run the patches and Service Packs in a timely manner, what 
>is MS supposed to do?  Name a vendor other than Red Hat and Debian that 
>has made patches as easy as Windows Update makes them.    ....

Windows Update is great tool, but the last time I looked the security 
hotfixes weren't there.
I complained to the Microsoft security folks a few months ago, they replied 
that it was technically or politically difficult to get all the patches in 
one location.


* John Valenti Systems Analyst, Labor & Industrial Relations *
* 408 S Kedzie Hall, Michigan State University, E. Lansing, MI 48824 *
* (517) 353-1807 fax (517) 355-7656 valenti at msu.edu *

More information about the unisog mailing list