IRIS

Microsoft has released security patches as of Tuesday, June 14th 2005. The security bulletin is available at http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies http://socrates.berkeley.edu:2002/MinStds/.

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins

---

Microsoft Security Bulletin MS05-025
– Cumulative Security Update for Internet Explorer (883939)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Originally posted: June 14, 2005
Updated: June 15, 2005
Version: 1.1
Affected software:
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-026
– Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-027
– Vulnerability in SMB Could Allow Remote Code Execution (896422)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Important Security Bulletins

---

Microsoft Security Bulletin MS05-028
– Vulnerability in Web Client Service May Allow Elevation of Privilege (896426)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Windows XP Service Pack 1
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems

Microsoft Security Bulletin MS05-029
– Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Exchange Server 5.5 Service Pack 4

Microsoft Security Bulletin MS05-030
– Cumulative Security Update in Outlook Express (897715)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected Software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems

Microsoft Security Bulletin MS05-031
– Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Originally posted: June 14, 2005
Updated: June 15, 2005
Version: 1.1
Affected Software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Moderate Security Bulletins

---

Microsoft Security Bulletin MS05-032
– Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
– Impact: Spoofing
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected Software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-033
– Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
– Impact: Information Disclosure
– US-CERT is not currently aware of any exploits for this vulnerability.
Originally posted: June 14, 2005
Updated: June 15, 2005
Version: 1.1
Affected Software:
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
When running on Windows 2000:
Microsoft Windows Services for UNIX 3.5
Microsoft Windows Services for UNIX 3.0
Microsoft Windows Services for UNIX 2.2

Microsoft Security Bulletin MS05-034
– Cumulative Security Update for ISA Server 2000 (899753)
– Impact of Vulnerability: Elevation of Privilege
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected Software:
Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2
Microsoft Small Business Server 2000
Microsoft Small Business Server 2003 Premium Edition
[Read more…] about Microsoft Security Bulletin Summary for June

We're experiencing some delays in delivering email. No mail has been/is
lost. We've been working on trying to fix this. At this point things are a
bit better, but not quite there yet.



Vadim.

[Read more…] about email delays

Microsoft will release their patches for the month on June 14th, 2005.
HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, June 15th, from 3:00 – 5:00pm.

The switch in 165 Cory Machine room will be upgraded on Monday June 6 at 07:00 (AM).

Ports will be moved one at a time to avoid undue downtime. Typical outage should be less than 5 seconds.
Unless your operating system behaves badly with having your default MAC address changed, then you probably wont notice anything.

Once everyone is moved over, the main uplink fibers will be changed over.
This may or may not cause a glitch.
We don’t expect it to. Durring the switch over there may be a performance hit, since during this time the pipe will be reduced to 100MBS.
The overall mintenance window should only be 1 hour.

There will be network downtime for soda 7 floor switch Thursday, June 2nd, 2005 at 7:30 AM. The downtime is expected to last no more than 1 hour.
This will affect users who use wired connection on the 7th floor.
I regret any inconvenience this may cause. Please make your plans accordingly.

There will be an emergency network downtime. We will replace another
network hardware for soda 5a switch today May 25, 2005.

There will be brief network outages from 12:15PM to 12:45PM.

This will affect users who use wired connection on the 5th floor. Since our wireless network feeds into our switched infrastructure at several locations in Soda, there will also be a couple of brief outages to the wireless network from floors 5-7 as well.

I regret any inconvenience this may cause. Please make your plans
accordingly.

There will be an upcoming downtime for all wireless services in EECS
for this Thursday May 26th from 06:00-08:00 AM for a code upgrade. Please plan
accordingly.

There will be an emergency network downtime.

We will replace a network
hardware for soda 5a switch today May 24, 2005. There will be brief
network outages from 12:15PM to 12:45PM.

This will affect users who use wired connection on the 5th floor. Since
our wireless network feeds into our switched infrastructure at several
locations in Soda, there will also be a couple of brief outages to the
wireless network from floors 5-7 as well.

I regret any inconvenience this may cause. Please make your plans
accordingly.

Coeus and project will be down for maintenance (hardware and software)
Wednesday, June 1, 2005 at 4:00 PM. The downtime is expected to last no
more than 2 hours. During this time the systems may be coming up and down
repeatedly, which should not be mistaken as an indication of the conclusion
of the work. An update will be posted when the work is finished.

NFS clients should not have to do anything. CIFS clients may have to re-open
files/etc. Client systems should not be needing reboots. This is a
troubleshooting/upgrade downtime, no serious changes are happening.

On Wednesday, May 18, 2005 at 10pm, the EECS Department’s web server
will be unavailable for a short time when it is rebooted after routine maintenance. Downtime should not exceed 30 minutes.

This will affect all web pages hosted on:

www.eecs.berkeley.edu
www.cs.berkeley.edu
ee.berkeley.edu
titanium.cs.berkeley.edu
blackouts.eecs.berkeley.edu
quantum.cs.berkeley.edu
www-bisc.cs.berkeley.edu
www-w2k.cs.berkeley.edu
tenet.berkeley.edu
safetp.cs.berkeley.edu
aima.eecs.berkeley.edu
networks.eecs.berkeley.edu
orange.eecs.berkeley.edu
osq.cs.berkeley.edu
bebop.cs.berkeley.edu
www.object-recognition.org
harmonia.cs.berkeley.edu
cc05.cs.berkeley.edu
lithonet.eecs.berkeley.edu
nanophotonics.eecs.berkeley.edu
sipc.eecs.berkeley.edu
theory.eecs.berkeley.edu
web1.eecs.berkeley.edu