Security Incidents mailing list archives
Re: PWS was: CodeRedII attempts from Cable/DSL/dial-ups
From: Gary Flynn <flynngn () jmu edu>
Date: Mon, 06 Aug 2001 12:34:36 -0400
Thomas Frerichs wrote:
It also infects Personal Web Server on Win 2K professional. I know.
Hmmm. Isn't "Personal Web Server" on a w2k machine really just IIS5? A Microsoft document indicates that if a machine running PWS is upgraded to w2k, IIS will be installed by default (with no patches of course): http://support.microsoft.com/support/kb/articles/Q266/4/56.ASP On a side note, PWS seems to be a lost cause anyway. The oft-exploited URL decoding defect isn't even slated to be patched and a Microsoft security spokeman said on one of the vulnerability listservs that PWS was only for "protected networks": http://www.jmu.edu/computing/info-security/engineering/issues/ms_pws.htm -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CodeRedII attempts from Cable/DSL/dial-ups Ben N. Venzke (Aug 05)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Thomas Frerichs (Aug 06)
- Re: PWS was: CodeRedII attempts from Cable/DSL/dial-ups Gary Flynn (Aug 06)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Derek Kwan (Aug 06)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Srdjan Nikolic (Aug 06)
- Re: CodeRedII attempts from Cable/DSL/dial-ups Guilherme Mesquita (Aug 07)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Thomas Frerichs (Aug 06)