Why

[nebulus200]

Look here for vulnerability info.

Description:

Microsoft Internet Information Server (IIS) versions 4.0, 5.0, and 6.0 beta are vulnerable to a buffer overflow in the handling of ISAPI (Internet Services Application Programming Interface) extensions. An unchecked buffer in the code that handles idq.dll ISAPI extensions in the Indexing Service for IIS could allow a remote attacker to overflow a buffer and execute code by sending a specially-crafted Indexing Service request. An attacker could exploit this vulnerability to gain complete control over the affected server.

This vulnerability is exploitable using the "Code Red" and "Code Red II" worm. The "Code Red" worm is a self-propagating worm that scans random IP addresses on port 80 searching for vulnerable Web servers. Once a vulnerable Web server is found, the worm performs malicious activity before propagating to other vulnerable hosts. The "Code Red II" worm does not deface Web sites, as the original version of the worm did, but it carries a more serious threat -- it contains a Trojan Horse payload, which could allow any remote attacker to further compromise infected systems. The "Code Red II" worm also has the ability to scan for vulnerable hosts much faster than previous versions, which has already been reported to cause failures in certain network components by overloading them with network traffic.

/nebulus

[AciDriveHB]

Thanks for the info. Yeah it is accessible from the Internet, and I do keep it up to date with both Windows and Antivirus. So should I just pull it off and not bother with having it as a web server, or is it ok as long as I keep with updates?

[SirDice]

Originally posted here by AciDriveHB
Thanks for the info. Yeah it is accessible from the Internet, and I do keep it up to date with both Windows and Antivirus. So should I just pull it off and not bother with having it as a web server, or is it ok as long as I keep with updates?

You'll be OK. Just keep a sharp eye on the security bulletins from MS

[AciDriveHB]

Yeah I do, running Windoz machines that is kind of a part of life. Hehhe, why I like AO so much, people seem to keep on top of exploits. That way incase I miss one, someone else will probably point that out. One of these days I hope M$ gets their act together and stops trying to go after all the money and just builts and OS that doesn't need patches 4 times a day!

[Penguin]

Originally posted here by MsMittens
What OS are you running, Penguin?

Win98.

[cgkanchi]

I'm not usually one to suggest a change of platform to people, but I'd recommend that both of you take a look at Apache Webserver. Unless you need to use ASP, you'll never miss IIS. And IMHO, Apache is the best webserver out there. Also, that means that you'll never have to worry about Code Red type attacks again.
Cheers,
cgkanchi

[MrLinus]

Originally posted here by Penguin


Win98.

Well the only potential problem you might be running is Personal Web Server (you can see it in the Systray -- little globe in a hand icon). If you don't have it, don't worry. It's just your Firewall/IDs being paranoid -- and that is a good thing.