From dane@fnal.gov Thu Aug 21 12:35:40 2003
Date: Thu, 21 Aug 2003 12:15:18 -0500 (CDT)
From: Dane D. Skow <dane@fnal.gov>
To: cppm_reg_sysadmins@fnal.gov
Cc: computer-security@fnal.gov
Subject: MS RPC declared Critical Vulnerability

Spread of the Nashi worm continues at FNAL and we have a large number of
systems testing as vulnerable to the RPC vulnerability. Since the risk
of infection is now very high onsite, this is now declared to be a
Critical Vulnerability. Patching this vulnerability is now MANDATORY.
This worm selects first on the /24 subnet of its victim, so that fact
that the vulnerable machines seem to cluster by subnet may indicate that
they've just managed to avoid the scan so far rather than any particular
immunity.

Systems that are not patched by noon Wednesday August 27 will be isolated
from the network and not reconnected until a registered sysadmin verifies
that current virus scanning has been done on the machine and that the
machine has been patched against the MS RPC vulnerability (patch
MS03-026). See instructions at
http://computing.fnal.gov/security/Alerts/nachi.html

It is highly recommended that all appropriate Microsoft security patches
be applied and that regular virus scanning with regularly updated virus
signatures be performed.

Dane Skow
Computer Security Executive (Deputy)