[unisog] Cost of the worm......
flynngn at jmu.edu
Fri Aug 10 17:11:46 GMT 2001
Paul L Schmehl wrote:
> <aol>me too</aol> What I can't fathom is how you could not know that your
> servers are spewing junk all over the Internet, but that is apparently the
1. Computers that are left unattended for the summer.
2. Computers that are left unattended in closets.
Don't ask how I know :)
Did you ever find out whether PWS is susceptible to CodeRed? Is
there a configuration screen to set up file extension mappings
and does it contain one for .idq? If it calls the defective
code, I'd imagine it would be vulnerable.
One thing I found out, if a Windows machine is upgraded to W2K,
it will have unpatched IIS 5 server installed BY DEFAULT.
Also, it is important to note that PWS contains the unicode directory
traversal defect, which I think makes it susceptible to the sa-admin
worm, and there is no Microsoft supported patch available:
Security Engineer - Technical Services
James Madison University
More information about the unisog