As part of the latest Microsoft Update cycle (released this
Tuesday),
Microsoft has released a patch for a critical vulnerability
in the
Server service (MS06-040) that could allow a remote attacker
to take
total control of an affected system. More information about
this
vulnerability can be found here:
http://www.microsoft.com/technet/security/Bulle
tin/ms06-040.mspx.
Due to the seriousness of the vulnerability and the
potential for
exploits to spread quickly though affected computers as
Internet worms,
SNS is recommending that all Windows users apply this patch
without
delay. Please visit http://update.microsoft.c
om to check your computer
for critical updates, and make sure you have the
"Automatic Updates"
feature enabled wherever possible. The CalnetAD team will
push this out
on the campus Windows Server Update Service immediately so
if you use
this service you should get your update soon.
Using firewall software will also reduce exposure to this
vulnerability.
The Server service listens on ports 139 and 445, so limit
access to the
ports to systems as needed for file sharing and central
administration.
Please visit http://software.berkeley
.edu to download Symantec Client
Security or enable the built-in firewall in Windows XP.
Please spread the word and thanks for your attention to this
matter.
--
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley
.edu
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.
|