[unisog] [dc-sage] Code Red mutated? (fwd)
valenti at msu.edu
Mon Aug 6 19:53:35 GMT 2001
At 02:04 PM 8/6/2001 -0500, Paul L Schmehl wrote:
>I happen to know the Microsoft security folks personally, and I can assure
>you that they care deeply and are working very hard to improve. But
>they're fighting an uphill battle when their customers won't do their job.
>For example, the ISAPI vulnerability that Code Red exploits was patched
>almost a full month prior to the first infection. The relative path
>exploit that the Code Red II worm uses to activate its trojan was patched
>over a year ago.
>If people won't run the patches and Service Packs in a timely manner, what
>is MS supposed to do? Name a vendor other than Red Hat and Debian that
>has made patches as easy as Windows Update makes them. ....
Windows Update is a great tool, but the last time I looked the security
hotfixes weren't there.
I complained to the Microsoft security folks a few months ago; they replied
that it was technically or politically difficult to get all the patches in
* John Valenti Systems Analyst, Labor & Industrial Relations *
* 408 S Kedzie Hall, Michigan State University, E. Lansing, MI 48824 *
* (517) 353-1807 fax (517) 355-7656 valenti at msu.edu *