Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hotfix for the IIS Code Red worm

Has anyone installed the latest IIS hotfix MS01-033 without breaking anything on the Callmanager. It supposedly fixes the buffer overflow vulnerability as described in this security bulletin http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

As far as I can tell, the latest MS IIS package on CCO does not contain this patch. This makes me concerned about our callmanagers since Code Red worm starting attacking many IIS server on our campus exploiting this vulnerability.

Any input will greatly be appreciated.

Baha Akman

6 REPLIES
New Member

Re: Hotfix for the IIS Code Red worm

We didn't installed the patch but I received a link from Cisco that point on their website that recommends to install the patch... Here is the link!

Title: Cisco Security Advisory: "Code Red" Worm - Customer Impact

URL: http://www.cisco.com/warp/customer/707/cisco-code-red-worm-pub.shtml (available to registered users)

http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml (available to non-registered users)

Cisco Employee

Re: Hotfix for the IIS Code Red worm

Just in case you haven't checked back, the latest IIS hotfix on CCO does have the patch for this. It's at:

http://www.cisco.com/cgi-bin/tablebuild.pl/callmgr

and the filename is win-IIS-SecurityUpdate-2.exe

New Member

Re: Hotfix for the IIS Code Red worm

Thanks for the urls I did get the security advisory on friday and applied the hotfix. Do you all know any documents on CCO that covers security on callmanagers?

New Member

Re: Hotfix for the IIS Code Red worm

No I don't but please tell me if you find some!!

Thanks in advance!

Michel Nantel

mnantel@gt.ca

New Member

Re: Hotfix for the IIS Code Red worm

I have a great paper written by the Cisco business unit that tells exactly how to secure call managers, I don't want to give out the email address of a cisco employee on this forum though, but through your SE you should be able to get the same thing, if not then the new design guide given out at this years networkers covers some security as well.

New Member

Re: Hotfix for the IIS Code Red worm

145
Views
0
Helpful
6
Replies
CreatePlease to create content