Security Incidents mailing list archives

Microsoft support


From: "Ralph Mellor" <ralph () dimp com>
Date: Tue, 7 Aug 2001 16:01:10 -0500

From another list:

A friend of mine sent me a copy of a message from
his company's security team about Code Red.  The
message includes:

"If you have Microsoft XP operating system, please
physically disconnect the network cable from your PC.
Microsoft does not support XP operating system and
does not have a patch for IIS at this time"

From MS's CR bulletin:

"If you are using Windows 95, Windows 98, Windows Me,
Windows XP RC1 or later, or Windows .NET Server build
3505 or later, there is no action that you need to take in
response to this alert."

--------------------------

Microsoft's CURRENT (Aug 7, 4pm cst) CR bulletin, as
linked from their home page, says:

    What To Do If You Are Vulnerable?

    a. To rid your machine of the current worm, reboot your computer. 
    b. To protect your system from re-infection: Install the patch as
    specified in the instructions. 

This simply ignores the backdoor that CRII installs. Frankly that's
better than Symantec's half-baked CRII solution. At least MS can
come back later and say, "oops, it's worse, there's this CRII out
there and you need to wipe your PC". But I have to wonder if they
will and I have to be suspicious that the reason for delay is to see
how bad the post-CRII remodelling looks. *Much* better for them
to ignore it if it's less than, say, 10,000 remodelled machines,
because that's fairly invisible.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

