Guest

Cisco Unified MeetingPlace

Field Notice: FN - 29056 - FA00101 - Microsoft Code Red IIS WORM


Revised December 15, 2005

May 26, 2004

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

Comments

Cisco MeetingPlace Web Conferencing

All

Problem Description

Note: This Field Notice is a legacy Latitude Field Notice that has been converted to the Cisco format so the information would remain available to their customers.

Note: This is a Microsoft problem that may impact Meeting Place applications.

Unchecked Buffer in Index Server ISAPI Extension Can Enable Web Server Compromise.

There is a technical explanation in the Knowledge Base article Q300972. Here are some of the symptoms:

  • Changing web content

  • Executing operating system commands

  • Reconfiguring the server

  • Loading additional software onto the server and executing it

  • Stopping the Web Server

Example

Cisco had several complaints that scheduling was inaccessible via MP Outlook client. Cisco noticed that all the websites on the NT Gateway server were stopped. When you try to start the websites it will give you a "WinSock Error" and you have to reboot the NT machine.

Problem Symptoms

Potentially, this could affect any Meeting Place products that rely on IIS for functionality. The worm attacks both Windows NT and Windows 2000 servers as long as they have IIS installed. There are two different hot fixes depending on the version of Windows running on the NT gateway machine.

Workaround/Solution

Install the hot fix for the associated Windows Server release, which can be downloaded from Customer Support Resource Center, or the Microsoft web site.

Related Articles

IIS 4.0

IIS 5.0

Windows 2000 Internet Server Security Tool

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.