Worm attack: MS and Solaris users beware

NEWS The worm, known as Sadmind/IIS, can compromise system security through a buffer overflow vulnerability in the Solstice program, allowing web pages to be defaced. The worm installs software to attack servers running Microsoft IIS and can then propagate itself to other unpatched systems. CERT (Computer Emergency Response Team) said it was unable to substantiate preliminary reports of the Sadmind virus destroying files on compromised Windows machines and rendering them unbootable. Graham Cluley, senior technology consultant at Sophos, said there had been no new reports of the virus, but hoped users had already secured their systems. Cluley said: "If anyone has not patched this already then they will be vulnerable to a lot of other security problems. Solaris users tend to patch their systems well and with the patch being available for some time, we don't feel this virus is desperately dangerous." Worried users should download patches available at http://www.microsoft.com/technet/security/bulletin/MS00-078.asp and http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191&type=0&nav=sec.sba