Hotfix for the IIS Code Red worm

mbakman
Level 1

Has anyone installed the latest IIS hotfix MS01-033 without breaking anything on the Callmanager? It supposedly fixes the buffer overflow vulnerability as described in this security bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

As far as I can tell, the latest MS IIS package on CCO does not contain this patch. This makes me concerned about our callmanagers since the Code Red worm started attacking many IIS servers on our campus, exploiting this vulnerability.

Any input will greatly be appreciated.

Baha Akman

6 Replies

pepsiflat
Level 1

We didn't install the patch, but I received a link from Cisco that points to their website, which recommends installing the patch... Here is the link!

Title: Cisco Security Advisory: "Code Red" Worm - Customer Impact

URL: http://www.cisco.com/warp/customer/707/cisco-code-red-worm-pub.shtml (available to registered users)

http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml (available to non-registered users)

dgoodwin
Cisco Employee

Just in case you haven't checked back, the latest IIS hotfix on CCO does have the patch for this. It's at:

http://www.cisco.com/cgi-bin/tablebuild.pl/callmgr

and the filename is win-IIS-SecurityUpdate-2.exe

Thanks for the URLs. I did get the security advisory on Friday and applied the hotfix. Do you all know of any documents on CCO that cover security on callmanagers?

No, I don't, but please tell me if you find some!!

Thanks in advance!

Michel Nantel

mnantel@gt.ca

I have a great paper written by the Cisco business unit that tells exactly how to secure call managers. I don't want to give out the email address of a Cisco employee on this forum, though, but through your SE you should be able to get the same thing; if not, then the new design guide given out at this year's Networkers covers some security as well.