[ale] Code Red II!!! Disregard previous reply!!!

Jonathan Rickman jonathan at xcorps.net
Tue Aug 7 09:18:57 EDT 2001


On Tue, 7 Aug 2001, Wandered Inn wrote:

> Does anyone know if this thing can successfully attack the personal web
> server product Microsoft provides?

From the incidents.org Handlers Diary...

Rumors have been circulating today that the Code Red II worm
can successfully infect Microsoft Personal Web Server running on
Windows 2000 Professional. We have known that the worm infects
IIS 5.0 installed on Windows 2000 Professional (see the Code Red FAQ),
but the reference to Personal Web Server (PWS) is seemingly a new
development.

However, we believe that the issue here is really based on
differences in nomenclature. In the past Microsoft has referred to
IIS running on Windows 2000 Professional as Personal Webserver. To
get at the heart of the issue, the Microsoft Knowledge Base Article
here explains:

http://support.microsoft.com/support/kb/articles/Q262/6/32.ASP


"Although Personal Web Server (PWS) can be installed separately from
the Windows NT 4.0 Option Pack (NTOP) on computers running Windows NT
Workstation 4.0, PWS does not run on Windows 2000. Instead you need to
install IIS 5.0, which is included in Windows 2000 Professional."

Another article further explains what platforms PWS does run on:

http://support.microsoft.com/support/kb/articles/Q266/4/56.ASP

"PWS 4.0 is included with the Microsoft Windows NT 4.0 Option Pack
and was designed for Microsoft Windows 95 and Microsoft Windows NT
Workstation 4.0 with Microsoft Internet Explorer 4.01 or later. Although
PWS 4.0 is not supported in Windows Me, you may be able to install it
in Windows Me for testing purposes."

The same article goes on to say that IIS 5.0 is installed automatically
if a user upgrades from versions of Windows that have PWS installed.

In summary, PWS will not run on Windows 2000, and therefore we believe
that these reports are actually referring to IIS 5.0 rather than PWS.
Note that no version of Code Red affects the Windows 9x/Me line in
any way.




-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net
