|
ALARM Group ALERT — click for a description of ALARM, The Computing Alert System Alert Number: 081205-02 Alert Date: 08/12/05 Alert Title: Another Exploit released for Vulnerability detailed in August Microsoft security bulletin Update-to: 081205-01 OS/Platform/Application: Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Category: ALERT Severity: HIGH Attention: Windows System Administrators, Desktop Support Personnel |
Summary: Several Internet security monitoring and analysis agencies are reporting the public release of one or several exploits that take advantage of a vulnerability detailed in Microsoft Security Bulletin MS05-039. MS-05-039 was part of the August 9 release of monthly security updates provided by Microsoft (and is deemed as "critical" by the vendor). This bulletin deals with multiple issues associated with the Plug and Play (PnP) service. A number of University computers recently found to be compromised may have been exploited by way of this vulnerability. The consensus among monitoring and analysis agencies is to apply the patch as soon as possible to all vulnerable systems.Recommended Actions: Windows system managers and support personnel are strongly encouraged to read the bulletin (including all potential caveats) and (if appropriate) apply the patch(es) immediately as per the instructions provided by the vendor if they have not already done so.
ITS Actions: ITS Systems Management and Operations Staff will apply the patches to the appropriate ITS servers as part of the next scheduled system update.
Resources:
Microsoft Security Bulletin MS05-039
