Security Incidents mailing list archives
Re: new IIS worm? (rcp lsass.exe)
From: Christoph Puppe <puppe () hisolutions com>
Date: Wed, 25 Sep 2002 11:17:29 +0200
zeno wrote:
Does anyone know of a gui windows tool that scans your system and provides you with a list of needed patches, and then allows you to select, and have it autodownload and install them? I can't seem to find one (needed mostly for iis).
Try the IIS Lockdown Tool, removes most extensions (htw, idq et all) and even more important, removes the execute permission from command line tools which are commonly used by attackers (cmd, tftp, ...).
Remember to re-run it after installing a SP!It installs the URLScann as well, but this seems to be a little flask of snake oil, because it checks URLs before they go into the deeper layers of the IIS (remember the first 3 Patches for the doubel-encoding and Unicode Vulns!).
Remember to scan your hosts often (like once a week) with a security scanner, for example Nessus.org or IIS or Lanscan from GFI.
-- Mit freundlichen Gruessen, Christoph Puppe We secure your business.(TM) *************************************************************** HiSolutions AG phone: +49 30 533289-0 Bouchestrasse 12 fax: +49 30 533289-99 D-12435 Berlin www: http://www.HiSolutions.com/ *************************************************************** ____________________________________ E-Mail Disclaimer Der Inhalt dieser E-Mail ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Siebitte, dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. The information contained in this email is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Slapper worm DoS, (continued)
- Slapper worm DoS james (Sep 24)
- Re: new IIS worm? (rcp lsass.exe) Mike Lewinski (Sep 24)
- Re: new IIS worm? (rcp lsass.exe) Eloy A. Paris (Sep 24)
- RE: new IIS worm? (rcp lsass.exe) Mark Challender (Sep 24)
- Re: new IIS worm? (rcp lsass.exe) zeno (Sep 24)
- Re: new IIS worm? (rcp lsass.exe) James Williams (Sep 24)
- RE: new IIS worm? (rcp lsass.exe) Ben Timby (Sep 24)
- Re: new IIS worm? (rcp lsass.exe) sunzi (Sep 25)
- Re: new IIS worm? (rcp lsass.exe) Nick FitzGerald (Sep 25)
- Re: new IIS worm? (rcp lsass.exe) Faisal Ashraf (Sep 26)
- Re: new IIS worm? (rcp lsass.exe) Christoph Puppe (Sep 25)
- Re: new IIS worm? (rcp lsass.exe) zeno (Sep 24)
- RE: new IIS worm? (rcp lsass.exe) John Campbell (Sep 24)
- RE: new IIS worm? (rcp lsass.exe) Dostie, Joe (Sep 25)
- RE: new IIS worm? (rcp lsass.exe) webbi (Sep 25)
- RE: new IIS worm? (rcp lsass.exe) John Campbell (Sep 25)
- Re: new IIS worm? (rcp lsass.exe) zeno (Sep 25)
- RE: new IIS worm? (rcp lsass.exe) Gaydosh, Adam (Sep 25)
- RE: new IIS worm? (rcp lsass.exe) David LeBlanc (Sep 26)
- RE: new IIS worm? (rcp lsass.exe) Dallas Jordan (Sep 26)
- RE: new IIS worm? (rcp lsass.exe) Bax . Plemons (Sep 26)
(Thread continues...)