IRIS News | Page 180 | Instructional & Research Information Systems

Microsoft Windows Metafile (WMF) Handling Vulnerability Advisory

January 5, 2006 by Mark Kraitchman

A vulnerability in Microsoft Windows Metafile (WMF) handling was
discovered in December. This vulnerability affects all
versions of Microsoft Windows. Microsoft is working on a patch.

This vulnerability could let an intruder take complete control of
your system, install spyware and attack other systems.
Exploit code has been publicly posted and systems are being
compromised, including as of Monday January 2, 2006 41 systems
on campus of which 2 were in EECS.

Systems are vulnerable to WMF exploits via malicious web pages,
malicious email attachments and malicious attachments in instant messaging.

For more info please see
http://idsg.EECS.Berkeley.EDU/security/wmf.html
[Read more…] about Microsoft Windows Metafile (WMF) Handling Vulnerability Advisory

Changes to Platform Support on Unix SWW

January 4, 2006 by IRIS Staff

The following changes to platform support are going to happen on the UNIX SWW:

Solaris 7 SWW will be removed on January 31, 2006.
RedHat 7.2 SWW will be removed on January 31, 2006. This does NOT affect the Linux SWW (commercial/Licensed software only).
Solaris 8 SWW is in a security-only mode. Only security updates will be applied to it. Solaris 8 SWW will be frozen (no more updates) on June 13, 2006.
Solaris 9 SWW is the new active Solaris SWW.
Solaris 10 SWW is available.

Notes:

The Solaris SWW platforms mentioned above include both SPARCv9 and ia32 versions.
Another announcement will go out shortly with info on the SWW layout.

HERMES, PRINT, RIS, WINSWW and macserver.eecs down for patching Jan 11, 2006

January 3, 2006 by IRIS Staff

Microsoft will release their patches for the month on Tuesday, January 10, 2006. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, January 11, 2006, from 3:00 – 5:00pm.

macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will be down for maintenance at this time as well.

Gateway.EECS auth problem

January 2, 2006 by IRIS Staff

As of Monday, Jan. 2, 9:20am, gateway.EECS is having problem with authentication, thus preventing users from sending email. Staff are working on this, and will restore service as soon as they can.
[Read more…] about Gateway.EECS auth problem

Unix SWW down

December 30, 2005 by Lars Rohrbach

The unix/linux Software Warehouse fileserver sww.eecs suffered a power supply failure shortly after midnight last night, making /usr/sww unavailable for all clients which mount it.

As of about 12:45pm, all sww.eecs services have been restored, and clients which mount /usr/sww should be working as normal.

Computing Support during the 2005 Winter Holiday

December 23, 2005 by Rob McNicholas

Due to the Winter Holidays, Energy Curtailment, and New Year’s Holidays, the Berkeley campus is officially closed for the period Monday 12/24/2005 to Monday 01/02/2006.

All departmental computing servers will remain on and should be available during the break, but there will be no staff on site to provide any computing support or handle any requests. Automatic monitoring systems will alert staff to critical infrastructure problems, and any such problems will be dealt with on a best-effort basis. We expect full service to resume on January 2nd.

The EECS Department’s Computer Helpdesk will be closed during this time. Problem reports can be left on the Helpdesk voice mail (2-7777) or emailed to help@eecs, but staff may not receive or reply to these messages until January 2nd.

During the break, Instructional labs will be locked, but the main servers should remain online (imail.eecs, inst.eecs, cory.eecs, mamba.eecs and fileservice.eecs). Instructional support staff will occasionally monitor inst@eecs over the break. If you are unable to contact inst@eecs, you can leave a message at 2-9543. Please be aware, though, that staff may not be able to respond or reply to messages until January 2nd.

We recommend that all desktop computers be shutdown during the Energy Curtailment Period. If your Windows computer needs to stay on during the break, we recommend that you check with your system administrator to ensure that Automatic Updates are enabled with the option ‘Automatically download the updates and install them on the schedule that I specify’, with a daily update schedule. For all windows systems, especially mobile laptops, we also suggest that you consider installing personal firewalls.

Computing support staff will be monitoring their email when possible, so please use standard email addresses to report any urgent problems. As a reminder:

Instructional Computing Environment: inst@eecs
Research / Staff Computing Environment: help@eecs

Enjoy your holiday break!

BID Center Router Down for Repairs

December 22, 2005 by IRIS Staff

The BID center router will be down for repairs on Friday Dec. 23 from 8:00 AM until 8:30 AM.

EECS IMAP server down

December 21, 2005 by IRIS Staff

The server is back up as of 9:10am. Thanks for your patience.

Microsoft Security Bulletin Summary for December 2005

December 14, 2005 by IRIS Staff

********************************************************************
Title: Microsoft Security Bulletin Summary for December 2005
Issued: December 13, 2005
Version Number: 1.0
Bulletin: http://socrates.berkeley.edu:2002/MinStds/
********************************************************************

Security patches defined by Microsoft as “critical” or “important”
MUST be applied within 10 business days of notification. Should there
be active exploits, the time will be adjusted and users will be
informed appropriately. Hosts unpatched after the defined time are
subject to scanning and removal from the EECS network as per campus
IT security policies http://socrates.berkeley.edu:2002/MinStds/

Patching is sometimes dependent on the service pack level of the
Microsoft OS, and installed applications, please read requirements
carefully.

Critical Security Bulletins
===========================

MS05-054 – Cumulative Security Update for Internet Explorer (905915)

Impact: Remote Code Execution

Affected Software:

Windows Server 2003

Windows Server 2003 Service Pack 1

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Server 2003 with SP1 for Itanium-based Systems

Windows XP Service Pack 1

Windows XP Service Pack 2

Windows XP Professional x64 Edition

Windows 2000 Service Pack 4

Review the FAQ section of bulletin MS05-054 for information about these operating systems:

Windows 98

Windows 98 Second Edition (SE)

Windows Millennium Edition (ME)

Version Number: 1.0

Important Security Bulletins
============================

MS05-055 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

Impact: Elevation of Privilege

Affected Software:

Windows 2000 Service Pack 4

Version Number: 1.0

HERMES, PRINT, RIS, WINSWW and macserver.eecs down for patching

December 7, 2005 by IRIS Staff

Microsoft will release their patches for the month on Tuesday, December
13, 2005. HERMES, PRINT, RIS and WINSWW will be down for patching the
following Wednesday, December 14, 2005, from 3:00 – 5:00pm.

macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will
be down for maintenance at this time as well.