Computers that were infected by CodeRed stopped propagating the worm as of July 28, 2001, because the worm's logic puts it into an infinite sleep mode. Although there was much speculation as to whether this worm would wake up again on August 1, 2001, Symantec Security Response's analysis of the CodeRed worm indicates that a re-infection will not re-awaken already infected computers.
If the worm is once again injected into the Internet, it can only affect computers whose Web server still has the vulnerability. Previously infected computers can be re-infected if they have not been patched. Symantec Security Response advises users of IIS 4.0 and 5.0 to apply the Microsoft patch before August 1. Security Response will continue to monitor CodeRed activities on the Internet and will post updates to this page when available.
The CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000, which run IIS 4.0 and 5.0 Web servers. The worm uses a known buffer overflow vulnerability contained in the Idq.dll file. Information about this vulnerability and a Microsoft patch is located at: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp.
A Cumulative Patch for IIS that includes the four patches released to date is available at: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp.
System administrators are encouraged to apply the Microsoft patch to prevent infection by this worm and other unauthorized access.
For information on the various ways to check for this threat and the underlying vulnerability, or if you are using Symantec Enterprise Firewall, refer to the Additional Information section below.