From: UCBG Network Security (mrmr_at_uclink.berkeley.edu)
Date: Thu Jul 31 2003 - 12:52:10 PDT
Hi Folks:
First, it appears that the page referenced to obtain the patch leads
to the generic Windows Update page...and I don't see any patch there
with a recent date that relates to this issue. We are using NT4 and
XP on various machines here.
So, then, in spite of that I did get a chance to install other
updates...and ran into this on one system (NT4) the download begins
(two updates being installed) and after each download, I get a 'Setup
cancelled' message...not installed, 'go back and try again'...
haven't encountered this before.
Thanks
Michael
>You are receiving this because your email address appears on our
>list of campus
>Security Contacts. It is NOT necessary for you to respond to this notice.
>
>THE PROBLEM
>
>A vulnerability in Microsoft Windows has recently been detected that
>constitutes
>a potential threat to the security of any machine running various versions of
>the Operating System. In particular, the following software is affected:
>
> Microsoft Windows NT 4.0
> Microsoft Windows NT 4.0 Terminal Services Edition
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
>
>The following is not affected by this vulnerability:
>
> Microsoft Windows Millennium Edition
>
>IMPACT
>
>The vulnerability would allow an attacker to gain complete control over an
>affected system, including installing programs, viewing, changing or deleting
>data, or creating new accounts with full privileges.
>
>WHAT SHOULD BE DONE BY THE ADMINISTRATOR OF AN AFFECTED MACHINE
>
>Microsoft has released a patch for this problem. Information about how to get
>the appropriate patch for each version of Windows is available at this URL:
>
>http://www.microsoft.com/security/security_bulletins/ms03-026.asp
>
>A tool is available that will scan machines on your network and detect which
>ones are vulnerable. It may be obtained from this site:
>
>http://www.eeye.com/html/Press/PR20030725.html
>
>--------------------------------------------------------------------------------
>NOTE: SNS will be sending individual notices to the contacts for
>specific hosts
>that we believe have already been compromised as a result of this
>vulnerability.
>--------------------------------------------------------------------------------
>
>TECHNICAL DESCRIPTION
>
>More detailed information about the vulnerability (including possible
>workarounds if a patch cannot be applied) may be obtained at this URL:
>
>http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
>
>..........................
>System and Network Security
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Thu Jul 31 2003 - 12:58:43 PDT