DSL customer with issues? Read on
Steve Sheldon
news:X5I57.20884$B7.32...@ruti.visi.com...
>
> We also recommend to our customers that run IIS servers, to be sure to
> patch their servers up with the latest security patches from
> Microsoft, so their server's don't unknowingly become part of the
> problem. The .ida security hole has been patched for awhile. You can
> download patches for Microsoft's products from their security page
>
> http://www.microsoft.com/technet/security/
Specifically the security bulletin addressing this issue is:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-033.asp
There is also the eEye full analysis of the worm:
http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtra
q&F=P&S=&P=2177
For a list of checklists and tools for securing IIS, see:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutio
ns/security/tools/tools.asp
Pay particular attention to the IIS Security checklists which provide
recommendations on how to configure your server. I had removed the script
mappings for the index service as per the checklist recommendation and as
such was not vulnerable to this issue.
There is also a very useful utility called the 'Hotfix Checking Tool for IIS
5.0' which can easily be configured to send alerts via email on a daily
basis letting you know of any new patches you should apply.
Subscribing to ntbugtraq.com is critical.