IRIS

The server is back up as of 9:10am. Thanks for your patience.

********************************************************************
Title: Microsoft Security Bulletin Summary for December 2005
Issued: December 13, 2005
Version Number: 1.0
Bulletin: http://socrates.berkeley.edu:2002/MinStds/
********************************************************************

Security patches defined by Microsoft as “critical” or “important”
MUST be applied within 10 business days of notification. Should there
be active exploits, the time will be adjusted and users will be
informed appropriately. Hosts unpatched after the defined time are
subject to scanning and removal from the EECS network as per campus
IT security policies http://socrates.berkeley.edu:2002/MinStds/

Patching is sometimes dependent on the service pack level of the
Microsoft OS, and installed applications, please read requirements
carefully.

Critical Security Bulletins
===========================

MS05-054 – Cumulative Security Update for Internet Explorer (905915)

Impact: Remote Code Execution

Affected Software:

Windows Server 2003

Windows Server 2003 Service Pack 1

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Server 2003 with SP1 for Itanium-based Systems

Windows XP Service Pack 1

Windows XP Service Pack 2

Windows XP Professional x64 Edition

Windows 2000 Service Pack 4

Review the FAQ section of bulletin MS05-054 for information about these operating systems:

Windows 98

Windows 98 Second Edition (SE)

Windows Millennium Edition (ME)

Version Number: 1.0

Important Security Bulletins
============================

MS05-055 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

Impact: Elevation of Privilege

Affected Software:

Windows 2000 Service Pack 4

Version Number: 1.0

Microsoft will release their patches for the month on Tuesday, December
13, 2005. HERMES, PRINT, RIS and WINSWW will be down for patching the
following Wednesday, December 14, 2005, from 3:00 – 5:00pm.

macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will
be down for maintenance at this time as well.

As part of the effort to continue to strengthen our IT security, and to comply with the campus requirement, our exemption from the campus Windows RPC services blocking will cease after Dec. 21, 2005.

This will impact remote authentication to our Windows Active Directory (ie. the “EECS” domain) from offsite. It will also prevent ALL remote mounting of coeus, project, or WinSWW from any Windows system. Some examples are listed here:

You will not be able to log in to the “EECS” domain with your account and password if you are on the internet.

You will not be able to map or mount any drives such as \\coeus, \\project, or \\winsww (or any of your research group shares).

You will not be able to access \\print directly.

You will not be able to access fontus.eecs.berkeley.edu (Exchange server) directly.

This block was put in place by campus SNS group at UCB border approximately two years ago. EECS has an exemption, but the exemption is expiring.

There are two ways to alleviate this impact:

1. Use “remote desktop” to log into hermes.eecs.berkeley.edu (or your own terminal server) and access your data. For more information on this, please follow this link.

2. Use the campus VPN service. This will give you an UC Berkeley campus IP address, and allow you to authenticate and access directly our resources.

If you have any questions, please contact help@eecs.

As previously announced on the Oct. 11 Town Hall meeting, EECS will be making some changes to its wireless service offerings:

1. Effective Nov. 1, 2005, campus Airbears service is now available throughout the entire EECS, including all floors of Soda and Cory Halls, BWRC, and HMMB (CITRIS and BID centers).

2. After Dec. 20th, 2005, the existing EECS guest wireless service will cease to function. EECS users with valid Calnet IDs can obtain Airbears guest wireless service for their guests, for up to one week.

3. Effective Jan. 2006, EECS will be offering an extended guest wireless service, with a nominal charge, for our guests that need wireless internet access for more than the 7 days offered thru Airbears. The registration process is done thru
https://guest.eecs.berkeley.edu. A valid COA will be required. Guest wireless service can be provided on a monthly basis.

For details, please direct your inquiries to help@eecs.

Nov. 15 2005 from 0600-0630, core router inr-202 will be reloaded to upgrade the software running on it. This is necessary for two reasons:

1. A recently announced vulnerability that is fixed in newer software;
2. A problem with incremementing error counters, on which CNS is working with Cisco’s tech support.

There will not be any prolonged outage, because this router is redundant with another, inr-201. However, there may be a brief disruption while routing converges.

********************************************************************

Title: Microsoft Security Bulletin Summary for November 2005

Issued: November 8, 2005

Version Number: 1.0

Bulletin: http://go.microsoft.com/fwlink/?LinkId=56129

********************************************************************

Security patches defined by Microsoft as “critical” or “important”
MUST be applied within 10 business days of notification. Should there
be active exploits, the time will be adjusted and users will be
informed appropriately. Hosts unpatched after the defined time are
subject to scanning and removal from the EECS network as per campus
IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the
Microsoft OS, and installed applications, please read requirements
carefully.

Critical Security Bulletins

===========================

MS05-053 – Vulnerabilities in Graphics Rendering Engine Could Allow

Code Execution (896424)

Impact: Remote Code Execution

Affected Software:

– Windows 2000 Service Pack 4

– Windows XP Service Pack 1

– Windows XP Service Pack 2

– Windows XP 64-Bit Edition Version 2003 (Itanium)

– Windows XP Professional x64 Edition

– Windows Server 2003

– Windows Server 2003 for Itanium-based Systems

– Windows Server 2003 with SP1 for Itanium-based Systems

– Windows Server 2003 x64 Edition

We are very pleased to announce that a second EECS computing/networking helpdesk is now officially established in Soda hall, room 313. The Soda Hall helpdesk will be open daily from 9 am to 5pm, and our onsite consultants will do their best to resolve all your computing and networking inquiries or facilitate other requests. You can also reach them via email (help@eecs) or phone (2-7777). Software will be available for checkout from the Soda Hall helpdesk as well.

The Cory Hall helpdesk (395 Cory) will continue to be in operation.

Please come to say hello to our helpdesk consultants when you get a chance. And if you have comments or suggestions, please let us know.

Microsoft will release their patches for the month on Tuesday, November 8, 2005. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, November 9, 2005, from 3:00 – 5:00pm.

macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will be down for maintenance at this time as well.

The Oct. 11 townhall meeting was successful, thanks to those attended. A summary of the meeting is now attached. Since some of the target dates can slide, we will be sending out announcements when they are ready. Please also share this info with those that did not make to the meeting.

Attachment:  EECS-townhall-101105.pdf