 |
 |
On September 10, Microsoft announced additional vulnerabilities related to the Remote Procedure Call feature in Windows. Unfortunately these flaws expose MSU to yet another set of attacks similar to those we've endured with the Blaster and Welchia worms. Security firms have discovered working source code that exploits the new vulnerabilities. It is only a matter of time - perhaps just hours - before new worldwide attacks begin. Many of you have already taken action to patch computers; unfortunately, it's likely that thousands of computers at MSU remain exposed. The Computer Laboratory, in consultation with Vice Provost Gift, has decided to scan the campus network in order to locate computers that are not yet protected against the new vulnerabilities. We expect to begin scanning as soon as today. When we find a computer that appears to be exposed to RPC attacks, we will try to contact its owner via e-mail to inform them of the need to run Windows Update or otherwise patch their computers. In some cases we will contact end users; in other cases, we'll get in touch with campus system administrators. Obviously, these scans will not find every computer that is vulnerable. Many computers will be turned off when we scan. Some laptops will be in customers' backpacks, not connected to the network. Other computers may be connected to the network, but invisible to the security scan due to a software or hardware firewall. (Even computers protected by firewalls should be patched.) As with Blaster and Welchia, we're especially worried about computers belonging to students in residence halls. We still see a few hundred computers (mostly in residence halls) that exhibit the destructive behavior of Welchia. We're trying to contact the owners of those computers separately. We'd rather not block computers from network access yet again, but we may be forced to do so. Please understand that proactively scanning computers for vulnerabilities remains an extraordinary action for us to take. We've all lived through the pernicious effects of Blaster and Welchia; we must take these steps to minimize the effects of "Blaster II." Please note that we are scanning only for the vulnerabilities described by Microsoft in bulletins MS03-026 and MS03-039. The vigilance of campus computer support personnel is critical to keeping the campus network functioning efficiently. We know that many of you patched hundreds of computers before Blaster hit. Just as people on the Atlantic coast have boarded up windows in anticipation of Hurricane Isabel, we need to protect our Windows computers before the next storm hits. In addition to the steps you take to support your users, we ask that you help inform students and others who manage their own computers to take protective action now. (Install a firewall, run Windows Update, use antivirus software - and also run Office Update.) We will update help.msu.edu/virus as events unfold. Anyone with questions can also contact a Computer Laboratory consultant at 432-6200. Computer Lab staff will also participate in the NAG meeting this Friday from 3:00-5:00 pm in room 1400 Biomedical and Physical Sciences Building. Finally, note that Microsoft is offering free security support at 1-866-PCSAFETY.