SNS was not aware that this message went out until we received numerous
reports from the campus community. We are in the process of contacting
the BFS team to coordinate a unified message.

In the meantime, SNS has the same serious concerns regarding MS06-040.
This is a critical vulnerability that can allow exploits to spread as
worms throughout the network with no user interaction (much like the old
"Blaster" worms). Exploits of this vulnerability are already out in the
wild. The students will be returning this weekend, no doubt with many
unpatched and possibly infected laptops, so now is not the time to avoid
this patch.

Workstations used for access to campus financial systems should be
treated with a high level of concern for security. If the patch needs to
be removed for compatibility with BFS, our message will include other
workarounds that will defend against the vulnerability.

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

Gary Lum wrote:
> Some of the patches released last week fix a particularly nasty exploit
> where a hacker can gain complete control of a system.
>
> http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx#ERGAC
>
> Has anyone else seen this and care to comment on the request? For us,
> it's a moot point since we've already applied the patches, but I think
> it would be preferable to keep the system safe and find a workaround to
> get BFS working instead of the other way around.
>
>
>
>
> -------- Original Message --------
> Subject: [BFS] DO NOT APPLY PATCHES FOR WINDOWS
> Date: Tue, 15 Aug 2006 10:57:29 -0700
> From: bfsbairs@uclink.berkeley.edu
> To: bfs_users@listlink.berkeley.edu
>
>
>
> This message is from the BFS User Mailing List
>
> DO NOT APPLY PATCHES FOR WINDOWS
>
> Beginning last Friday we have been receiving calls from campus users who
> are having problems accessing BFS because of Windows service patches being
> applied to local machines. Until our technical staff can determine which
> patches work, and which do not, DO NOT apply any patches to your machines.
> If your department's technical support is not on this list serve, please
> pass this information along to them.
>
> Once we know which patches work with BFS and which do not, we'll send out
> another list serve. Thank you for your cooperation and patience.
>
> If you have any questions about this listserve, please call Financial
> Systems User Support at 3-4250 or send email to bfsbairs@berkeley.edu.
>
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, including subscribing to
> or unsubscribing from its mailing list and finding out
> about upcoming meetings, please visit the Micronet Web site:
> <http://micronet.berkeley.edu/>.
Received on Tue Aug 15 12:51:15 2006
This archive was generated by hypermail 2.1.8 : Tue Aug 15 2006 - 12:51:16 PDT