Did you do the IIS Roll-up patch that was released in Auggust?
The security patch from this summer should have been 14+megs... Is that the
one you did? I think maybe we had the wrong one to stop this originally...
Are there more besides this that you used?
Barry
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jennifer Baker
Sent: Friday, September 21, 2001 11:53 AM
To: Exchange Discussions
Subject: RE: today's admin backwards virus
the server was disconnected. Apparently there are five patches not included
in the security rollup. *&%$#!!
-----Original Message-----
From: Thomas Di Nardo [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 9:41 PM
To: Exchange Discussions
Subject: RE: today's admin backwards virus
Definitely take your time. Better to do it once slowly than two or three
time fast.
Martin's right. I'd disable the services or yank the network drop until
it's fully patched. You might also think about sticking a sniffer out
there to see who's hitting you. You never know, some bonehead may have
dropped an unpatched box on your network and not told anyone. It
wouldn't be the first time I've seen it. At one of the gigs I was at,
the guy responsible for setting up the standard server build installed
IIS with all the defaults and called it good; they've now got a pile of
unpatched servers with SMTP, FTP, etc. all over the place and their
wondering why they got problems. Like They say, security is a feature;
you can enable as much or as little as you like.
T.
-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:22 PM
To: Exchange Discussions
Subject: RE: today's admin backwards virus
One thing to keep in mind is may be getting hit in between patches.
My advise would be to disable all IIS related services until you are
fully SP'd and patched up. Then reenable IIS and see what happens. You
may not even want to waste time restoring content until you are sure the
server is safe.
Take your time, don't let em push you to bring it up to fast. That will
only cost you time and money in the end.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jennifer Baker
Sent: Thursday, September 20, 2001 8:15 PM
To: Exchange Discussions
Subject: RE: today's admin backwards virus
well, this sucks. after restoring our faq server from tape in our dmz
and applying security rollup..yada yada yada.. we got hit again. I must
be missing something besides sleep.
thanks for all the responses (smart-ass and informative alike). I'll
see if I can smuggle a one-touch and optiview to the Mec and whatever
else you guys/gals may be interested in diddling with (1).
(1) fluke and flukenetworks products only.
-----Original Message-----
From: Andy David [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:50 AM
To: Exchange Discussions
Subject: RE: today's admin backwards virus
We don't need no stinkin' patches!
Andy David
J Muller International
-----Original Message-----
From: Jennifer Baker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 06:10 AM
To: Exchange Discussions
Subject: today's admin backwards virus
I was just noticing that most of the gurus of the list had plenty of
time to respond to the list regarding various questions. Am I missing
something?
I have been updating virus software, scanning mailboxes, patching
iis/owa servers etc. all night. We were hit externally, but we only had
to restore one webserver (although it was similiar to a slightly
compressed support.microsoft.com). Is there some secret to this sh*t
that you are keeping from me regarding quick draw administration or is
this something you pawn off to others?
I will compensate for information. (Depending on
validity.)
I'm not jealous or bitter, btw...not.
Jennifer Baker
Fluke Corporation
http://www.fluke.com
http://www.flukenetworks.com
mailto:[EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
