I have seen a few machines where IIS has been crashing all day. I am guessing
it is related to this idq.dll worm. All of these machines DO have the
Q300972 patch applied to them, yet they are still crashing.
I would like to test some things (repatching, applying service packs, etc..).
Does anyone have a proof of concept exploit for this problem?
Thanks!
gvb
On Thu, 19 Jul 2001, Jim Hribnak wrote:
>
> There appears to be a WIDE spread issue with IIS 4 and IIS 5 right now. The
> services will automatically shut down when attacked. There is patches (old
> Patches) that seem to fix the problem YET the patch says its for Microsoft
> Index server (a lot of people are not running Index server, yet this patch
> fixes the crashing problem.
>
> Upon further reading of the bulletin below it say
>
> "
> Affected Software:
>
> a.. Microsoft Index Server 2.0
> b.. Indexing Service in Windows 2000
> "
>
> Most people will not install this if they are not running the software
> listed above. The above should have also said IIS 4 and IIS 5 are affected.
>
> And it does if you read the technical section..
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/MS01-033.asp
>
> for IIS4 /NT4
> http://www.microsoft.com/ntserver/nts/downloads/critical/q300972/default.asp
>
> for IIS5/Win2000
> http://www.microsoft.com/windows2000/downloads/critical/q300972/default.asp
>
>
>
> ---------------------------------------
> Jim Hribnak
> Manager Communication Services
> Nucleus Inc.
> 403-209-0000
>
>
>
>
