From crawdad@fnal.gov Wed Apr 14 18:13:17 2004
Date: Thu, 12 Feb 2004 08:32:20 -0600
From: Matt Crawford <crawdad@fnal.gov>
To: cppm_reg_sysadmins@fnal.gov, pc-manager@fnal.gov
Cc: computer security <computer-security@fnal.gov>
Subject: Windows vulnerability MS04-007 is *critical*

The Microsoft Security Bulletin referenced below describes a critical
vulnerability in Windows NT4[*], 2000, XP, and 2003.  There are many
vectors of attack against this bug -- so many that even a system with
host firewalling set to block all ports is vulnerable.

This patch addresses a critical vulnerability and must be installed on
all affected systems by February 19.  See the end of this message for
special considerations for computers which are part of a laboratory
critical system.

We have as yet no tool to scan for the vulnerability without
administrative access, but when one becomes available you should expect
the all-too-familiar exercise of systems being blocked from all network
access.  It will be much simpler to have applied this patch while the
network is available as a medium to obtain it.

Reference:
http://www.microsoft.com/technet/treeview/?url=/technet/security/
bulletin/MS04-007.asp


[*] NT4 is only vulnerable if a previous critical security patch
MS03-041 *was* applied.  (Of course, if that patch wasn't installed,
the system is vulnerable to something else instead.)

Critical systems: This refers only to designated laboratory mission
critical computing systems - The authentication infrastructure, the
core network infrastructure, certain Business Services systems, the
accelerator controls systems and the CDF and D0 data logging and
experiment control systems.  If critical system coordinators, with the
approval of their division or section head or spokesperson, wish to
make other arrangements to protect Windows computers within their
critical system boundaries, they should describe their proposed
arrangements to the FCSC as soon as possible, but not later than
February 19th.

                 Matt Crawford   <crawdad@fnal.gov>
                 Fermilab Computer Security Coordinator
                 +1 630 840 3461
                 ** Computer security contact line: +1 630 840 2345 **