IRIS

This afternoon, WINSWW (winsww.eecs.berkeley.edu), the windows software warehouse, sustained multiple disk failures causing it to become unavailable. IDSG is working to restore the failed volume, but we regret that it will be down for at least the next 24 hours (until 09/15/2005, 5:00pm) while it is being worked on.

Consequently, the Windows “Add/Remove Programs” feature, which allows you to install software over the network from WINSWW, will be unavailable until WINSWW is restored to service.

We apologize for the inconvenience.

The main EECS print server, print.eecs.berkeley.edu, is down as of Wed, 09/14/05, 8:00am. There is no ETA as to when it will be back up, although IDSG staff are working on this problem. Access to all printers thru \\print is currently unavailable. We believe this is related to all the issues we have seen with print service since last Friday. We will post any updates as soon as we have them.

Thank you for your patience.

[Read more…] about Print Server Down

Microsoft will release their patches for the month on Tuesday, September 13th. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, September 14th, from 3:00 – 5:00pm.

coeus/project will be down at 5pm on Wednesday, September 14th for an
upgrade. The downtime is expected to last no more than 15 minutes.

As noted in
https://iris.eecs.berkeley.edu/news/2005/0811-Microsoft_security_p-363.shtml,
Microsoft security patches for August 2005 were released on Aug 9, 2005.

The critical Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 has become a vector for active exploits and administrative compromise of Windows systems.
There are active exploits in the wild.

Because of this, it is now assumed that any system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised.

Both security@EECS.Berkeley.EDU and security@Berkeley.EDU are actively scanning the network for systems that are not patched for MS05-039.

Effective Today 8/22/05. it is now assumed that any Windows 2000 (Home, Professional, or Server) system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised.

If these scans show any Windows system that is not patched, support for the system will be suspended.

If the system is Windows 2000 (Home, Professional, or Server), it will be required to be re-built from secure media prior to resumption of support.

All other Windows systems will be required to install the patch prior to resumption of support.

[Read more…] about Microsoft Security Patch for Plug and Play

UNSCHED RESOLVED OUTAGE DoeCEV 12 August 2005: 11:48 – 14:17PDT

Equipment: inr-000/packetshaper/ISP link
Location: DoeCEV
Date: 12 August 2005: Start: 11:48 End: 14:17PDT

Description:
Shortly before noon, a UPS in the DoeCEV failed. The failed UPS had supplied
power to (among other things) a media converter chassis which sat in the path
between inr-201 (a core router) and inr-000 (one of our border routers).

Routing within campus converged to utilize alternate paths as expected; however,
inr-000, which was isolated from the rest of campus, continued to announce
campus connectivity upstream.

These announcements attracted some return ISP traffic, and caused loss of
connectivity to some off campus sites.

Shortly after 2pm, power to the fiber media converter was restored, and all
traffic to/from campus along the commodity ISP path began flowing normally
once again.

– Christopher

Equipment: inr-000/packetshaper/ISP link
Location: DoeCEV
Date: 12 August 2005: Start: 11:48PDT End: ongoing

Description:
At approximately 11:48PDT this morning, one of our core routers lost connectivity to
the the ratelimiting device which connects it to one of our border ISP links.

ISP traffic converged to the other ISP link, however, one or more misbehaving hosts were
consuming a great deal of available bandwidth and caused packet loss/delay on the other
ISP link.

We have blocked one of the misbehaving hosts for operational issues, and are investigating
the loss of connectivity to the other ISP link and packetshaper.

Microsoft has released security patches as of August 9th, 2005.
Bulletin: http://go.microsoft.com/fwlink/?LinkId=51160

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins
===========================

Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-043
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows Server 2003
Windows Server 2003 for Itanium-based Systems

Important Security Bulletins
============================

Microsoft Security Bulletin MS05-040
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Moderate Security Bulletins
===========================

Microsoft Security Bulletin MS05-041
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-042
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) – Impact: Remote Code Execution – US-CERT currently is not aware of any exploits for this vulnerability.

Affected Software:
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

We will be changing out some major network hardware on the 5th floor of Cory Hall. This should only take about half an hour, but for safety’s sake we will schedule a 2 hour maintenance window from 0630 to 0830 AM. This will take place either this Thursday(11AUG05) or Friday(12AUG05) depending on when we get the parts. This will knock out most of the South and West side of the 5th Floor, along with the wireless covering that area. Some servers may be down which cover larger areas. This is being done proactively to avoid a major meltdown. Thank you for your patience.
[Read more…] about 5th Floor Cory Network Outages

Due to some potential problems with one of the switches servicing the 5th floor of Cory, we will possibly be doing some work on it either tomorrow (Friday) or Monday morning from 07:30 to 08:30. Actual outage may only be for a few minutes.

This should only be noticed by people on the 5th floor of Cory, however, since this may be experienced by servers on the 5th floor, the outage may be felt elsewhere.

Bruce