Microsoft Points to Old Patch for Code Blue Protection
- By Scott Bekker
Microsoft Corp. directed users of its Web server software to a year-old patch
for protection against the recently discovered Code Blue vulnerability -- a worm with a limited presence in the wild.
"We've received a number of queries from customers regarding a newly reported worm called Code Blue. Although there are no indications at present that the worm is widespread in the wild, customers can easily protect their systems against it," Microsoft said in a statement on its Web site.
The vulnerability in Internet Information Services exploited by Code Blue was patched in Microsoft's 78th security bulletin of 2000.
Any server with that patch, either of Microsoft's cumulative IIS patches this year, the Windows 2000 Service Pack 2 or the Windows NT 4.0 Security Roll-up Patch is already protected, Microsoft said.
Symantec reported that Code Blue or W32.BlueCode.Worm was discovered Sept. 7. The worm damages unpatched Windows NT and Windows 2000 servers by causing system instability and comprosing security settings.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.