FYI from our Security Admin thought I would pass along:
Reports of compromised web servers running flavors of IIS are coming in
from all over the world and experts believe this is a possible new exploit
coming from a Russian source. Microsoft has released a bulletin about this
activity and patch which is now been upgraded to a critical. For windows
servers this patch will not show up in the traditional windows update
screen in the browser so it will appear that the server is up to date.
Systems administrators MUST download the patch and apply it manually at
this point. Below is a link for the security bulletin from Microsoft.
Additional information about the threat can be found at http://isc.sans.org
. The latest virus definitions from most AV vendors will detect the
malicious script as well. Infected web servers will infect the users that
visit that web page immediately if they are not patched or protected with
current AV definitions.
If anyone knows people running Microsoft IIS servers please let them know
of this bulletin as soon as possible.
http://www.microsoft.com/security/incident/download_ject.mspx
Seth Scavette
907-761-2743
---------
To unsubscribe, send email to <nuga-request@lib.uaa.alaska.edu>
with 'unsubscribe' in the message body. To manage your subscription,
follow the directions at https://www.lib.uaa.alaska.edu/cgi-bin/lists.cgi
Received on Mon Jun 28 09:33:54 2004
This archive was generated by hypermail 2.1.8 : Mon Jun 28 2004 - 09:33:57 AKDT