News

As noted in
https://iris.eecs.berkeley.edu/news/2005/0811-Microsoft_security_p-363.shtml,
Microsoft security patches for August 2005 were released on Aug 9, 2005.

The critical Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 has become a vector for active exploits and administrative compromise of Windows systems.
There are active exploits in the wild.

Because of this, it is now assumed that any system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised.

Both security@EECS.Berkeley.EDU and security@Berkeley.EDU are actively scanning the network for systems that are not patched for MS05-039.

Effective Today 8/22/05. it is now assumed that any Windows 2000 (Home, Professional, or Server) system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised.

If these scans show any Windows system that is not patched, support for the system will be suspended.

If the system is Windows 2000 (Home, Professional, or Server), it will be required to be re-built from secure media prior to resumption of support.

All other Windows systems will be required to install the patch prior to resumption of support.

[Read more…] about Microsoft Security Patch for Plug and Play

UNSCHED RESOLVED OUTAGE DoeCEV 12 August 2005: 11:48 – 14:17PDT

Equipment: inr-000/packetshaper/ISP link
Location: DoeCEV
Date: 12 August 2005: Start: 11:48 End: 14:17PDT

Description:
Shortly before noon, a UPS in the DoeCEV failed. The failed UPS had supplied
power to (among other things) a media converter chassis which sat in the path
between inr-201 (a core router) and inr-000 (one of our border routers).

Routing within campus converged to utilize alternate paths as expected; however,
inr-000, which was isolated from the rest of campus, continued to announce
campus connectivity upstream.

These announcements attracted some return ISP traffic, and caused loss of
connectivity to some off campus sites.

Shortly after 2pm, power to the fiber media converter was restored, and all
traffic to/from campus along the commodity ISP path began flowing normally
once again.

– Christopher

Equipment: inr-000/packetshaper/ISP link
Location: DoeCEV
Date: 12 August 2005: Start: 11:48PDT End: ongoing

Description:
At approximately 11:48PDT this morning, one of our core routers lost connectivity to
the the ratelimiting device which connects it to one of our border ISP links.

ISP traffic converged to the other ISP link, however, one or more misbehaving hosts were
consuming a great deal of available bandwidth and caused packet loss/delay on the other
ISP link.

We have blocked one of the misbehaving hosts for operational issues, and are investigating
the loss of connectivity to the other ISP link and packetshaper.

Microsoft has released security patches as of August 9th, 2005.
Bulletin: http://go.microsoft.com/fwlink/?LinkId=51160

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins
===========================

Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-043
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows Server 2003
Windows Server 2003 for Itanium-based Systems

Important Security Bulletins
============================

Microsoft Security Bulletin MS05-040
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Moderate Security Bulletins
===========================

Microsoft Security Bulletin MS05-041
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-042
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

We will be changing out some major network hardware on the 5th floor of Cory Hall. This should only take about half an hour, but for safety’s sake we will schedule a 2 hour maintenance window from 0630 to 0830 AM. This will take place either this Thursday(11AUG05) or Friday(12AUG05) depending on when we get the parts. This will knock out most of the South and West side of the 5th Floor, along with the wireless covering that area. Some servers may be down which cover larger areas. This is being done proactively to avoid a major meltdown. Thank you for your patience.
[Read more…] about 5th Floor Cory Network Outages

Due to some potential problems with one of the switches servicing the 5th floor of Cory, we will possibly be doing some work on it either tomorrow (Friday) or Monday morning from 07:30 to 08:30. Actual outage may only be for a few minutes.

This should only be noticed by people on the 5th floor of Cory, however, since this may be experienced by servers on the 5th floor, the outage may be felt elsewhere.

Bruce

Microsoft will release their patches for the month on August 9th, 2005. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, August 10th, from 3:00 – 5:00pm.

There will be a campus-wide scheduled maintenance on Saturday, July 16, 2005 8:00am – 12:00pm

Communications and Network Services (CNS) will be upgrading and moving inr-202, one of two core routers in the campus network. The other core router is inr-201; since inr-201 and inr-202 are redundant, there should not be any major disruption to campus network connectivity. There will likely be minor interruptions when the inr-202 is powered down shortly after 8:00am.

This work may involve downtime on one of EECS’s links to the campus backbone.

Microsoft has released security patches as of July 12th, 2005.
http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification.
Should there be active exploits, the time will be adjusted and users will be informed appropriately.
Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Microsoft Security Bulletin MS05-035
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)
– Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Microsoft Office 2000 Software Service Pack 3 Word 2000
Microsoft Office XP Software Service Pack 3 Word 2002
Microsoft Works Suites:
Microsoft Works Suite 2000
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004

Microsoft Security Bulletin MS05-036
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
– Impact: Remote Code Execution US-CERT currently is not aware of any exploits for this vulnerability.
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-037
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
– Impact: Remote Code Execution – US-CERT: A Proof of Concept exploit script has been published.
Affected software:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition

There will be a brief wireless network outage on the upper floors of Cory Hall @ 7:30AM on Monday, July 11th. The outage should last no longer than 15 minutes.
[Read more…] about Brief Wireless Network Switch Outage