Microsoft RPC Vulnerability - Update Your Systems
Posted: 17:26:49, Thursday, Jul 31, 2003 Expiration: 19:00:00, Monday, Aug 4, 2003
The recently announced Microsoft RPC vulnerability creates a high degree of risk for our campus. To mitigate the risk, DoIT strongly recommends that all users of Windows operating systems (NT, 2000, XP) immediately patch their computers.
UPDATE: Thursday evening, 7/31:
The recently announced Microsoft RPC vulnerability creates a high degree of risk for our campus. To mitigate the risk, DoIT strongly recommends that all users of Windows operating systems immediately patch their computers. Instructions for doing so are available at http://www.doit.wisc.edu/news/story.asp?filename=179.
To assist in reducing risks to campus, DoIT will initiate vulnerability scanning of campus machines. See http://www.doit.wisc.edu/restricted/security/scanning/centralized/index.asp for more information about DoIT centralized campus scanning service. Due to the volume of machines running Windows, it may take a considerable amount of time to run the scans and contact departmental contacts. If you wish to scan machines to ensure the most recent patches have been applied, you can use the Microsoft Baseline Security Analyzer (MBSA), available for download at
Effective Friday, August 1, DoIT will also block incoming connections to ports 135 through 139 and 445 TCP/UDP on the DoIT dial-in pool. There is a slight chance that blocking these ports may cause some Microsoft services, such as Microsoft Exchange email, to be inaccessible for users of the dial-in pool. This block will be applied temporarily until dial-in pool users have the opportunity to apply the necessary patches to their computers. At this point, it is unknown how long this may take.
Thank you for your attention to this matter.
Message from Thursday morning, 7/31:
BadgIRT (UW Incident Response Team) has been alerted to a possible serious vulnerability for Microsoft Windows users. We recommend you address this issue for systems in your department at your earliest convenience.
Due to potential vulnerability in Microsoft Operating Systems, the Department of Homeland Security (DHS) has issued and advisory to heighten awareness of potential Internet disruptions resulting from the possible spread of malicious software exploiting a vulnerability in popular Microsoft Windows operating systems.
Because of the significant percentage of Internet-connected computers running Windows operating systems and using high-speed connections, the potential exists for a worm or virus to propagate rapidly across the Internet carrying payloads that might exploit other known vulnerabilities in switching devices, routers, or servers.
Computers using the following operating systems are affected:
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Terminal Services Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
DHS recommends that these operating systems be updated as soon as possible. Microsoft updates are available online. To learn if your Windows machine has the latest security fixes download Microsoft Baseline Security Analyzer (MBSA).
For more information and updates, see the BadgIRT Web site.
Created: 17:26:49, Thursday, Jul 31, 2003 (by Weizhong W.)
Updated: 17:26:49, Thursday, Jul 31, 2003 (by System U.)