The following is a Security Bulletin from the Microsoft Product Security Notification Service.
Please do not reply to this message, as it was sent from an unattended mailbox.
The Microsoft Security Response Center, along with other organizations listed below, is jointly publishing this alert that ALL IIS ADMINISTRATORS ARE ASKED TO READ
A Very Real and Present Threat to the Internet: July 31 Deadline For Action
Summary:
The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.
- - Windows NT version 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833
- - Windows 2000 Professional, Server and Advanced Server: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800
Step-by-step instructions for these actions are posted at http://www.microsoft.com/technet/treeview/default.asp? url=/technet/itsolutions/security/topics/codeptch.asp
Microsoft's description of the patch and its installation, and the vulnerability it addresses is posted at: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS01-033.asp
Because of the importance of this threat, this alert is being made jointly by:
Microsoft
The National Infrastructure Protection Center
Federal Computer Incident Response Center (FedCIRC)
Information Technology Association of America (ITAA)
CERT Coordination Center
SANS Institute
Internet Security Systems
Internet Security Alliance