Security vulnerability and the Code Red virus - IBM eServer xSeries 130, 150

Resolving The Problem

The appliance is exposed to the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability and the Code Red virus.

This tip applies to the following IBM eServer xSeries servers:

• xSeries 130: 8654-1YX, 8654-5DX, 8672-25X
• xSeries 150: 8658-33Y, 8658-3XY

Due to a security flaw in Internet Information Services (IIS), it is required that the Microsoft Security Update dated June 18, 2001 be applied to all xSeries 130 and 150 appliances. This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability on computers running Microsoft Windows 2000 and IIS 5.0.

This update also prevents the appliance from being infected by the Code Red virus.

For additional information, read the Microsoft Security Bulletin MS01-033.

To update the appliance to prevent infection:

1. Connect to the appliance using Microsoft Terminal Services, or connect using the browser to UMS and choose the Terminal Services icon (to use web-based Terminal Services).
2. From the appliance desktop in Terminal Services, click Start->Windows Update.
3. Once the search for updates completes, a list of updates should be presented with Critical Update Package automatically selected. Only Critical Updates should be applied to your appliance. You may choose to download and install all Critical Updates, or only the June 18 update. To select the June 18 update, open the list of Critical Updates, and uncheck all but June 18. Once the required update(s) is selected, click Download. The machine should be rebooted once the updates are installed.

Note: It is a good idea to run Windows Update periodically, and apply new Critical Updates.