********************************************************************
Title: Microsoft Security Bulletin for January 2006
Issued: January 10, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58872
********************************************************************
Security patches defined by Microsoft as "critical" or "important" MUST be applied within 10 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).
Patching sometimes depends on the service pack level of the Microsoft OS and on installed applications; please read the requirements carefully.
Critical Security Bulletins
===========================
MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
- Impact: Remote Code Execution
- Affected Software:
  - Windows 2000 Service Pack 4
  - Windows XP Service Pack 1
  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows Server 2003
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 for Itanium-based Systems
  - Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-001 for information about these operating systems:
  - Windows 98
  - Windows 98 Second Edition (SE)
  - Windows Millennium Edition (ME)
- Version Number: 1.0
MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
- Impact: Remote Code Execution
- Affected Software:
  - Windows 2000 Service Pack 4
  - Windows XP Service Pack 1
  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows Server 2003
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 for Itanium-based Systems
  - Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-002 for information about these operating systems:
  - Windows 98
  - Windows 98 Second Edition (SE)
  - Windows Millennium Edition (ME)
- Version Number: 1.0
MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
- Impact: Remote Code Execution
- Affected Software:
  - Microsoft Office 2000 Service Pack 3
  - Windows Microsoft Office XP Service Pack 3
  - Microsoft Office 2003 Service Pack 1
  - Microsoft Office 2003 Service Pack 2
  - Microsoft Exchange Server 5.0 Service Pack 2
  - Microsoft Exchange Server 5.5 Service Pack 4
  - Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
- Version Number: 1.0
Wireless Outages
Tomorrow morning, January I will be upgrading to the most current code on the wireless infrastructure. This will occur between 06:00 and 08:00. During this window, there will be several short outages of all wireless networks within EECS and CITRIS, including AirBears service. The scope of this outage will be confined to Cory, Soda, BWRC, Brewed Awakening and part of HMB. I expect that the network will be stable by 08:00.
New Anti-Spam Service
For those that are concerned with our email being saturated by spam, IRIS is going to be deploying a new generation of anti-spam management on Tuesday, Jan. 10th, at 12pm. For details and how-to’s, please refer to this link.
We will replace our existing servers with a new set of redundant anti-spam appliances, and as such, some new headers will be added to each incoming email. As before, a spam rating will be tagged to each message, and for those of you using our IMAP service, an appropriate folder (“Spam” under your “EECS-Filtered” folder) will be created and used to file those spam messages. The new spam appliances are Bayesian-based and are updated more regularly by the vendor as well as our staff. Our testing indicates that they are capable of correctly identifying up to 90% of the spam without any special settings.
In addition, the new appliances will now offer individually configurable whitelists and blacklists.
EECS users will have the ability to opt out of the new service. Those of you who have opted out of the old service can now opt back in to take advantage of the new service.
To summarize:
1. If you are using our IMAP service, starting 1/10/06, please go to “EECS-Filtered\Spam” to verify and remove your spam. You can opt in/out of this service. You can also set up your own personal whitelists and blacklists.
2. If you are not using our IMAP service, you can use the special headers to set up your own filters.
3. For details on our new spam service, FAQ, and instructions, please see this announcement.
Please send your concerns and suggestions to help@eecs. Thank you for your patience and cooperation.
Short notice: Patching HERMES and Windows Domain Controllers to fix WMF vulnerability
With Microsoft’s early release of a patch fixing the Windows Metafile (WMF) vulnerability, IDSG will be patching the terminal server, HERMES, as well as the Windows Domain Controllers today, Thursday, January 05, 2006.
HERMES will be down briefly at 3:30p to apply the patch. So if you’re using HERMES, please save your work and log off before then. The downtime shouldn’t last more than a few minutes.
The Domain Controllers will be rebooted between 3:00p and 3:30p; however, this should not disrupt normal operation.
Additional Changes to UNIX SWW
UNIX SWW will be moving to a new location on project.eecs. There are a couple of other minor changes in the layout.
The new layout is available at
https://iris.eecs.berkeley.edu/idsg/sww/announcement/SWW-layout
Aside from the obvious change to project, the following changes should be noted:
- Solaris 9 and 10 SWWs are now available.
- Solaris SPARC /usr/sww/opt is now solaris.opt.sparc
- New Solaris x86 /usr/sww/opt is coming into the picture (solaris.opt.x86).
On Monday, January 9th 2006 I will change the automaps to point to the new SWW location. If you’re using the automaps to mount SWW, you won’t need to make any changes on your side (but you might have to remount/reboot at some point after Monday).
The old SWW locations will continue to work until January 31st 2006, at which point the old system will be taken down.
You are welcome to use the new SWW on project as of now. Please contact IDSG if you experience problems.
Microsoft Windows Metafile (WMF) Handling Vulnerability Advisory
A vulnerability in Microsoft Windows Metafile (WMF) handling was
discovered in December. This vulnerability affects all
versions of Microsoft Windows. Microsoft is working on a patch.
This vulnerability could let an intruder take complete control of
your system, install spyware and attack other systems.
Exploit code has been publicly posted and systems are being
compromised, including, as of Monday, January 2, 2006, 41 systems
on campus, of which 2 were in EECS.
Systems are vulnerable to WMF exploits via malicious web pages,
malicious email attachments and malicious attachments in instant messaging.
For more info please see
http://idsg.EECS.Berkeley.EDU/security/wmf.html
Changes to Platform Support on Unix SWW
The following changes to platform support are going to happen on the UNIX SWW:
- Solaris 7 SWW will be removed on January 31, 2006.
- RedHat 7.2 SWW will be removed on January 31, 2006. This does NOT affect the Linux SWW (commercial/Licensed software only).
- Solaris 8 SWW is in a security-only mode. Only security updates will be applied to it. Solaris 8 SWW will be frozen (no more updates) on June 13, 2006.
- Solaris 9 SWW is the new active Solaris SWW.
- Solaris 10 SWW is available.
Notes:
- The Solaris SWW platforms mentioned above include both SPARCv9 and ia32 versions.
- Another announcement will go out shortly with info on the SWW layout.
HERMES, PRINT, RIS, WINSWW and macserver.eecs down for patching Jan 11, 2006
Microsoft will release their patches for the month on Tuesday, January 10, 2006. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, January 11, 2006, from 3:00 – 5:00pm.
macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will be down for maintenance at this time as well.
Gateway.EECS auth problem
As of Monday, Jan. 2, 9:20am, gateway.EECS is having a problem with authentication, thus preventing users from sending email. Staff are working on this, and will restore service as soon as they can.
Unix SWW down
The unix/linux Software Warehouse fileserver sww.eecs suffered a power supply failure shortly after midnight last night, making /usr/sww unavailable for all clients which mount it.
As of about 12:45pm, all sww.eecs services have been restored, and clients which mount /usr/sww should be working as normal.