From: "Chris Rigby"
Since the microsoft web servers have been viunerable to an exploit since it was released a month ago.. you've got to ask yourself.. how much do you trust the patch?
One of our Web Servers was infected yesterday am, it started pumping 3mbit to other web servers. We thought the server was up to date with patches. Ironically the only reason that the server is allowed out on port 80 through the front end firewall is so it can visit windowsupdate.microsoft.com. It seems that this patch may need to be downloaded and installed manually. If we again visit windowsupdate from this server it claims that there are no patches to be installed, however we can find no evidence that the ida patch is currently installed. This differs from our other servers which clearly show the patch in the installation history. Me thinks that Microsoft should include Apache in the list of "Critical Updates" that are available. --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog