Two weeks into the Code Red exploit, when variant II or III or whatever you
want to call it was particularly active, incidents.org noticed that another
MS security flaw was being exploited. Their report is here
http://www.incidents.org/diary/august2001.php#132. They give no data as to
how many compromised systems are out there; possibly the reported probes are
all an attempt to "jump start" the worm.
The vulnerability is described at
http://www.microsoft.com/technet/security/bulletin/ms01-023.asp. Again,
there has been a patch available for some time (since May, apparently), yet
I'm sure that some systems will be unpatched. My Win2K SP2 machines did not
need the patch, so I guess it's installed with SP2.
When will the world wake up and stop buying software from a software company
that obviously can't write software well?
[Actually, the buying decision is probably done by people who know little
about software, IMO].
Alistair McDonald, Bacchus Consultancy Ltd http://www.bacchusconsultancy.com [Alistair McDonald via risks-digest Volume 21, Issue 62]