September 11, 2003
Security Alert -- Windows RPC vulnerability (redux)

A serious security alert has been issued by Microsoft in response to the discovery of a new vulnerability in the Windows remote procedure call (RPC) service.

It is imperative to patch your machine now to protect the security and integrity of your computer and the Extension network. This vulerability is very similar to the one exploited by the "Blaster" and "Nachi" worms beginning about one month ago. While there is not yet any worm exploiting this issue, it is only a matter of time.

To download and install a security patch for your system, you will need to do the following:

1. Log in as Administrator. At the login prompt, type ‘Administrator’ rather than your regular log-in and use the administrator password rather than your regular password. When you log in, be sure to change ‘Log onto:’ from IASTATE to the computer name (which will be identified on a drop down list by ‘(this computer)’).

2. Download the Windows 2000 patch or the Windows XP patch. (if you don’t know which operating system you’re using, right-click on My Computer and select Properties). The patch will take about 10 to 15 minutes to download.

3. Double-click on the patch and follow the instructions it provides.

4. Reboot your computer and log back in with your own username and password (be sure to change ‘Log onto’ from ‘(this computer)’ to IASTATE.

If you know other people in your office with Windows 2000 and Windows XP machines, please make them aware of this patch and the need to update their computers.

If you have questions or problems applying the update, contact the Computer Support hotline at 515/294-1725.

Additional information from Microsoft regarding this vulnerability can be found at:

End-user MS03-039 - KB824146 security bulletin
Technical MS03-039 - KB824146 security bulletin

Links in this post:

Blaster information: http://vil.nai.com/vil/content/v_100547.htm
Nachi informatoin: http://vil.nai.com/vil/content/v_100559.htm

Windows 2000 Patch: http://www.extension.iastate.edu/mt/technews/extras/Windows2000-KB824146-x86-ENU.exe
Windows XP Patch: http://www.extension.iastate.edu/mt/technews/extras/WindowsXP-KB824146-x86-ENU.exe

End-user MS03-039 - KB824146 security bulletin:
http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Technical MS03-039 - KB824146 security bulletin:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp

Posted by dddugan at September 11, 2003 08:12 AM