Being the whore that I am (actually, high priced call girl) I don't "not tolerate" anything. "Update" is an ambiguous word. One can download, from the Microsoft site, patches for damn near every piece of software that they sell or have sold in the recent past. Security patches (actually replacement files, not patches, for the most part) are a big favorite, though improved functionality is also popular. There are also third party products that can be bought. For instance, SecureIIS fixes known flaws and "fixes" buffer overflow exploits that haven't been found yet. (Yeah, it does what responsible programmers would have done in the first place.) Code-Red has not been successful against SecureIIS enhanced IIS. If there is some aspect not answered by this answer, feel free to ask a less ambiguous question. PHM -- Paul H. Merrill, MCNE, MCSE+I, CISSP PaulMerrill@ACM.Org "Wilfred L. Guerin" wrote:
[ Re: Code-255RandomCharacters. ]
Ok, Time to fix this correctly.
Someone already upgraded the old one, at least 2 others have been released recently...
I personally do NOT tolerate M$ products to do anything relevant in my environment, so if anyone can help us out by answering a few questions, we will have to fix M$ the hard way...
First, does the IIS server have any auto-update mechanism, if so, is this dictated by a moronic registry value, variable setting, etc?
If not, what is the quickest and most effective method to update (by hand and manual access) an IIS server installation?
Are there any alternate methods than [this] to update the IIS server software?
Other Suggestions?
[ Yes, creation of exe on disk or in process, get of file from m$, and running of it with /autobullshit would work too. ]
...
Now, for any competant individual on this planet, you would already realize that the intent now, if i feel like wasting time fixing the rest of the world's incompetance, is to generate a forceful update and force all of these foolish IIS servers to reinstall the newer version (with only a few less problems)...
At the rate of ideal propogation, this security breach and hastle can be remedied in full in less than a week. I would strongly suggest an open petition of inquiry as to why msoft is so incapable of basic software design.
In this regard, I see at least 8 totally independant mechanisms of completing this process, however, because I personally do not tolerate moronics, I will not personally create additional code until someone gives me a good reason to do so.
Unless, of course, everyone continues to fail, I may waste the time, in which case i will need an individual in a politicly and logisticly neutral environment who has a simple modem, to instantiate the fix.
Inversely, if everything fails, we eliminate the servers from operation. A far better solution.
All I shall do is provide operational code, if so desired. Im not up for the bullshit that will result from other antics.
So, anyone care to fix the world, or shall we all play incompetant sheep as always and give no heed to the potential benefits of doing something relevant or competant for once in our lives?
I leave you with this...
-Wilfred L. Guerin Wilfred@Cryogen.com
...
-- Paul H. Merrill, MCNE, MCSE+I, CISSP PaulMerrill@ACM.Org