Information Security News mailing list archives

RE: Microsoft takes heat for Code Red

From: InfoSec News <isn () c4i org>
Date: Mon, 6 Aug 2001 03:13:56 -0500 (CDT)

Forwarded by: Michael Huntley <michael () signet net>

I'm not surprised at the M$ bashing, but I must take note that BIND
has had several vulnerabilities, and users of BIND have suffered from
those vulnerabilities as much as NT users of IIS.  Frankly, if the
users of NT had applied the patch that came out on June 18th this
would not be an issue, much like the problems that persisted after
holes were found in BIND 8.2.2-p5 and before.

As an administrator for several types of machines testing and applying
patches is a way-of-life.  It doesn't matter to me whether the systems
are NT or RedHat Linux.  Seems to me, IMHO, the bashing should be on
the administrators of the machines, not M$, merely for the fact the
patch was out a full month prior to the mass infection.

My 2 cents.

Michael Huntley
michael () signet net


-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org]On Behalf Of
InfoSec News
Sent: Wednesday, August 01, 2001 2:47 AM
To: isn () attrition org
Subject: [ISN] Microsoft takes heat for Code Red

http://news.cnet.com/news/0-1003-200-6730674.html

By Ian Fried and David Becker
Staff Writers, CNET News.com
July 31, 2001, 12:25 p.m. PT

While network administrators wait and prepare for another round of
attacks from the Code Red worm, Microsoft is drawing much of the blame
for the pernicious infection.

Once again, security experts say the speed and stability of the
Internet is at risk because of Code Red, a malicious worm that takes
advantage of a hole in Microsoft's Internet Information Server (IIS)
Web server software. The worm infected more than 300,000 servers and
attacked the White House Web site last month before going into
hibernation.

The worm is set to become active again at 5 p.m. PDT Tuesday,
launching a new round of infections that could generate enough traffic
to slow parts of the Internet.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

Current thread:

Microsoft takes heat for Code Red InfoSec News (Aug 01)
- <Possible follow-ups>
- RE: Microsoft takes heat for Code Red InfoSec News (Aug 06)
- RE: Microsoft takes heat for Code Red InfoSec News (Aug 07)