How to Secure your IIS Server
Tuesday, September 25th, 2001

Installing the Code Red patch isn’t enough. Netcraft’s latest crawl found nearly half of all IIS servers still have a WebDAV configuration known to be vulnerable. Cross-site scripting is still unsecured on one in five machines, with many other long-known security holes still turning up on one in every five to ten sites pinged by Netcraft. And it looks like admins who install the Code Red patch often fail to remove the root.exe program the worm adds to the machine. What Code Red didn’t do with it, a future worm will.

Netcraft’s analysis: Administrators simply aren’t making the fixes, most of which are detailed in Microsoft’s online IT security pages. Obviously, there are managers and customers who refuse to agree to a minute’s downtime for installation and testing, but now is probably a good time to get them to listen.
