We monitor the campus network for vulnerabilities and scan systems for security problems. We follow the SANS Internet Storm Center, the US-CERT Current Activity Report, the US-CERT Security Bulletins and several security mailing lists. When we scan we determine which systems might be vulnerable (if we can, we determine those that are vulnerable, but we never exploit a vulnerability). We prepare a "Best Advice Note" and give the list of vulnerable systems to the Security Working Group, the Computing Systems Advisory Group (CSAG) and the Campus Network Advisory Group (CSAG) mailing lists. Vulnerabilities that aren't addressed will result in mail to the contacts listed in the DNS for the systems. Escalation procedures include the isolation of compromised systems and networks -- see the UCIST Statement on Security of UW Computing and Network Resources.
If you need assistance with an issue we have raised an alarm about, or with any other security problem, see Security Problems - Finding Help.
See also vulnerability notes for issues identified in 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001 and 2000.
Vulnerabilities identified in the past year include:
Critical Microsoft Windows vulnerability, 17 September 2009
Vulnerable Systems (Access Controlled) - as of 17 September 2009
Partial portscan of vulnerable hosts - as of 17 September 2009
SMB 2.0 flaw affecting Vista, 2008 Server.
Updated 22 September: it may be sufficient to have a recent version of Symantec Endpoint installed on your host and blocking attacks. However, IST IT Security still recommends disabling SMB 2.0 functionality, as per the workaround listed in Microsoft Security Advisory 975497.
Critical Microsoft Windows vulnerability, 13 January 2009
Vulnerable Systems (Access Controlled) - as of 16 January 2009
Vulnerable Systems (Access Controlled) - as of 06 February 2009
Vulnerable Systems (Access Controlled) - as of 05 March 2009
Microsoft's "Patch Tuesday" for January 2009 revealed a critical flaw in the SMB handling of all supported Windows operating systems. Users and administrators should patch as soon as possible.
You should be aware of recent e-mail "spear phishing" attacks where the attackers have tried to trick users into revealing their passwords.
BEWARE: these vulnerability notes are not comprehensive. There are many more problems than these very few we've tried to address. Do not assume that addressing these issues makes your system secure. The best advice, as always, is to make sure your system is patched, a good anti-virus product is installed, a firewall is configured and your system is hardened by removing services which aren't required.
See also our Security: How to collection and be vigilant about the US-CERT Current Activity report -- it's updated regularly.