On September 10, Microsoft announced additional vulnerabilities related
to the Remote Procedure Call feature in Windows. Unfortunately these
flaws expose MSU to yet another set of attacks similar to those we've
endured with the Blaster and Welchia worms. Security firms have
discovered working source code that exploits the new vulnerabilities.
It is only a matter of time - perhaps just hours - before new worldwide
attacks begin. Many of you have already taken action to patch computers;
unfortunately, it's likely that thousands of computers at MSU remain

The Computer Laboratory, in consultation with Vice Provost Gift, has
decided to scan the campus network in order to locate computers that are
not yet protected against the new vulnerabilities. We expect to begin
scanning as soon as today.

When we find a computer that appears to be exposed to RPC attacks, we
will try to contact its owner via e-mail to inform them of the need to
run Windows Update or otherwise patch their computers. In some cases we
will contact end users; in other cases, we'll get in touch with campus

Obviously, these scans will not find every computer that is vulnerable.
Many computers will be turned off when we scan. Some laptops will be in
customers' backpacks, not connected to the network. Other computers may
be connected to the network, but invisible to the security scan due to a
software or hardware firewall. (Even computers protected by firewalls
should be patched.)

As with Blaster and Welchia, we're especially worried about computers
belonging to students in residence halls. We still see a few hundred
computers (mostly in residence halls) that exhibit the destructive
behavior of Welchia. We're trying to contact the owners of those
computers separately. We'd rather not block computers from network
access yet again, but we may be forced to do so.

Please understand that proactively scanning computers for
vulnerabilities remains an extraordinary action for us to take. We've
all lived through the pernicious effects of Blaster and Welchia; we must
take these steps to minimize the effects of "Blaster II." Please note
that we are scanning only for the vulnerabilities described by Microsoft
in bulletins MS03-026 and MS03-039.

The vigilance of campus computer support personnel is critical to
keeping the campus network functioning efficiently. We know that many
of you patched hundreds of computers before Blaster hit. Just as people
on the Atlantic coast have boarded up windows in anticipation of
Hurricane Isabel, we need to protect our Windows computers before the
next storm hits. In addition to the steps you take to support your
users, we ask that you help inform students and others who manage their
own computers to take protective action now. (Install a firewall, run
Windows Update, use antivirus software - and also run Office Update.)

We will update help.msu.edu/virus as events unfold. Anyone with
questions can also contact a Computer Laboratory consultant at
432-6200. Computer Lab staff will also participate in the NAG meeting
this Friday from 3:00-5:00 pm in room 1400 Biomedical and Physical
Sciences Building. Finally, note that Microsoft is offering free
security support at 1-866-PCSAFETY.