0){s=s.replace(/\\\\/g,\"\\\\\\\\\").replace(/\\\'/g,\"\\\\\\\'\").replace(/\\\"/g,\"\\\\\\\"\");Spm[bmp++]=\'\\\'\'+s+\'\\\',\\n\';} } Spm[bmp++]=\'];\\n\';Spm[bmp++]=\"eval(DanaCode.join(\\\"\\\\n\\\"));\\n\";}else {Spm[bmp++]=\"if(typeof(dsGetDanaCode)!=\\\"undefined\\\") eval(dsGetDanaCode().join(\\\"\\\\n\\\"));\\n\";',
'Spm[bmp++]=\"else if(typeof (parent)!=\\\"undefined\\\"&&typeof(parent.dsGetDanaCode)!=\\\"undefined\\\") eval(parent.dsGetDanaCode().join(\\\"\\\\n\\\"));\\n\";Spm[bmp++]=\"else if(typeof(top.DanaCode)!=\\\"undefined\\\") eval(top.DanaCode.join(\\\"\\\\n\\\"));\\n\";Spm[bmp++]=\"else if(typeof(opener)!=\\\"undefined\\\"&&typeof(opener.closed)!=\\\"unknown\\\"&&!opener.closed&&typeof(opener.dsGetDanaCode)!=\\\"undefined\\\") eval(opener.dsGetDanaCode().join(\\\"\\\\n\\\"));\\n\";} Spm[bmp++]=\'\'+\'SCRIPT>\';Spm[bmp++]=\'<\'+\'SCRIPT language=\"javascript\" id=\"dsvar\">\'+cc;Spm[bmp++]=\'\'+\'SCRIPT>\';return Spm.join(\"\");} var Spm=\'\'+\'SCRIPT>\';var veo=\"\";if((typeof(DSTBSettings)==\"number\")&&(DSTBSettings&0x400)){veo=\'\'+\'SCRIPT>\';} return veo+\'\'+\'SCRIPT>\\n\'+Spm+\'\\n
var dsnodocwrites=0; var DanaCookie="ASPSESSIONIDCASSTCDT=PIEDCCKAKPJPOJCMMGCNOHAF";
var DSTBSettings=20497;var DSTBLU='/dana/home/starter.cgi?startpageonly=1';var DSObfuscateHostname=0; var DSHost="access.ais.msu.edu";
danaSetDSHost();
g_baseurl="https://mail.ais.msu.edu/Exchange/firsttim/Drafts/RE:%20[MSUNAG]%20Microsoft%20Update%20MS06-040.EML/1_text.htm";
I wouldn't count on the border protection for that much. While it stops the Internet-sourced attacks, there are plenty of threats on campus for the same issues. You'd be wise to consider campus a threat equal or greater to the Internet.
On a positive note, I've had coverage for this vulnerability through our Intrusion Prevention System for about a week now, and I haven't seen any activity.
-tim
________________________________
Timothy D. First, CISSP, MCSE
Information Technologist III
Michigan State University
Administrative Information Services
[log in to unmask]
(517) 353-4420 x335
Fax: (517) 355-5176
From: Chris Wolf [mailto:[log in to unmask]]
Sent: Tue 8/8/2006 5:04 PM
To: [log in to unmask]
Subject: [MSUNAG] Microsoft Update MS06-040
The vulnerability announced today in MS06-040 can be remotely exploited to take complete control of a Windows system. Unlike many of Microsoft's other vulnerabilities that are labeled "critical", this one truly is. To make matters worse, according to CERT, they know of working exploit code for this vulnerability.
My understanding is that the campus firewall still blocks TCP 139 and 445, so that gives us some limited protection.
--Chris
==============================================
Chris Wolf
Computer Service Manager
Agricultural Economics
[log in to unmask]Michigan State University 517 353-5017
if(typeof(dstb)!= "undefined"){ dstb();}