I wouldn't count on the border protection for that much. While it stops the Internet-sourced attacks, there are plenty of threats on campus for the same issues. You'd be wise to consider campus a threat equal or greater to the Internet. On a positive note, I've had coverage for this vulnerability through our Intrusion Prevention System for about a week now, and I haven't seen any activity. -tim ________________________________ Timothy D. First, CISSP, MCSE Information Technologist III Michigan State University Administrative Information Services [log in to unmask] (517) 353-4420 x335 Fax: (517) 355-5176 ________________________________ From: Chris Wolf [mailto:[log in to unmask]] Sent: Tue 8/8/2006 5:04 PM To: [log in to unmask] Subject: [MSUNAG] Microsoft Update MS06-040 The vulnerability announced today in MS06-040 can be remotely exploited to take complete control of a Windows system. Unlike many of Microsoft's other vulnerabilities that are labeled "critical", this one truly is. To make matters worse, according to CERT, they know of working exploit code for this vulnerability. My understanding is that the campus firewall still blocks TCP 139 and 445, so that gives us some limited protection. See http://www.kb.cert.org/vuls/id/650769 for the report from CERT. --Chris ============================================== Chris Wolf Computer Service Manager Agricultural Economics [log in to unmask] Michigan State University 517 353-5017