Security Log File - July 2003

July 30, 2003 UNH Campus Advisory - Windows Operating System Vulnerability
Earlier this month vulnerabilities were announced by Microsoft that effected most of their recent operating systems. These OSes include Windows NT, 2000, XP, and 2003 in their various forms. The vulnerability effects the Distributed Component Object Model (DCOM) component of the (Remote Procedure Call) RPC systems. The function of this piece of software is to allow communications between machines of certain software components.

The RPC/DCOM vulnerability is likely to heavily exploited, as it is the most widespread hole in many years, as it exists on all effected operating systems, and not just systems who are using certain software (like the Internet Information Server vulnerabilities that led to the CodeRed outbreak.)

It has recently been reported that the released patches from Microsoft are not completely repairing this vulnerability, at the very least on certain 2000 systems. At the same time it appears that probing for this vulnerability has begun. In an effort to protect campus systems we have temporarily blocked access to certain ports from the Internet, as has been suggested by Microsoft. These ports are listed below. Certain Microsoft services will be effected, most notably Exchange e-mail. However, web access to Exchange will not be effected and full usability can still be achieved by using the VPN system. We will update this notice as new information becomes available.

Ports
135 UDP/TCP
139 UDP/TCP
445 UDP/TCP

Relevant Links
CERT Advisory
http://www.cert.org/advisories/CA-2003-16.html
Microsoft Bulletin
http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

If you have any questions or concerns, please contact the CIS Help Desk & Dispatch Center at 862-4242.

July 1, 2003 - UNH Campus Advisory
Service Pack 4 (SP4) for Microsoft Windows 2000 has recently been released by Microsoft. CIS has encountered problems on some Windows 2000 Professional desktops that result in not being able to log into your computer with a domain account after installing this patch. This means the loss of Active Directory resources to UNH personnel.

In light of these events, CIS Client Services strongly recommends that people on campus with Windows 2000 Professional machines refrain from downloading and installing SP4. CIS is continuing to investigate the problem.

Please refer back to these pages for additional information as it becomes available. If you have any questions/concerns, please contact the CIS Help Desk & Dispatch Center at 862-4242. Thank you.