MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability

MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability

Solution:
Microsoft has released a patch. Please see the references for details.

NOTE: Reports indicate that post-patch systems may be vulnerable to a denial of service; administrators are advised to reapply the newer patch if it is not installed and to remove the .ida/.idq mappings.

Microsoft has released the following tool that rectifies the damage caused by the 'Code Red II' worm:

http://www.microsoft.com/technet/itsolutions/security/tools/redfix.asp

Microsoft Index Server 2.0

Microsoft Q300972
http://download.microsoft.com/download/winntsp/Patch/q300972/NT4/EN-US /Q300972i.exe

Microsoft Indexing Services for Windows 2000

Microsoft Q300972
http://download.microsoft.com/download/win2000platform/Patch/q300972/N T5/EN-US/Q300972_W2K_SP3_x86_en.EXE