Vulnerabilities (2008)

We monitor the campus network for vulnerabilities and scan systems for security problems. We follow the SANS Internet Storm Center, the US-CERT Current Activity Report, the US-CERT Security Bulletins and several security mailing lists. When we scan we determine which systems might be vulnerable (if we can, we determine those that are vulnerable, but we never exploit a vulnerability). We prepare a "Best Advice Note" and give the list of vulnerable systems to the Security Working Group, the Computing Systems Advisory Group (CSAG) and the Campus Network Advisory Group (CSAG) mailing lists. Vulnerabilities that aren't addressed will result in mail to the contacts listed in the DNS for the systems. Escalation procedures include the isolation of compromised systems and networks -- see the UCIST Statement on Security of UW Computing and Network Resources.

If you need assistance with an issue we have alarmed or any other security problem, see Security Problems - Finding Help.

See also vulnerability notes for issues identified in 2007, 2006, 2005, 2004, 2003, 2002, 2001 and 2000. Vulnerabilities identified in the past year include:

  1. Critical Microsoft Windows vulnerability, 13 January 2009
    Vulnerable Systems (Access Controlled) - as of 16 January 2009

    Vulnerable Systems (Access Controlled) - as of 06 February 2009

    Microsoft's "Patch Tuesday" for January 2009 revealed a critical flaw in the SMB handling of all supported Windows operating systems. Users and administrators should patch as soon as possible.

  2. Spear Phishing Attacks, 3-Apr-2008 - present

    You should be aware of recent E-mail "spear phishing" attacks where the attackers have tried to trick users into revealing their passwords.

  3. Windows Server Service RPC vulnerability, 27-Oct-2008

    A critical RPC vulnerability affects all versions of Microsoft Windows. There is exploit code in the wild, so it is important to apply the update ASAP.

  4. April Fool's Trojan, 1-Apr-2008

    We are seeing e-mail invitations for an "April Fool's Trojan" -- it's another instance of the Storm Worm. Cf. the "Funny PostCard Trojan" discussed below.

  5. Funny PostCard Trojan, 12-Mar-2008

    We are seeing e-mail invitations for a "Funny PostCard" -- it's another instance of the Storm Worm. Infected systems may become peers in the Storm Botnet. The note gives some advice on how to recognize the issue and avoid the infection.

  6. Free Video ActiveX Trojan, 16-Jan-2008

    We have detected a few systems infected with the Zlob Trojan. For at least some infections the user was browsing a malicious web site and clicked on a "Free Video" offer. The note gives some advice on how to recognize the issue and avoid the infection.

  7. Incident Summary 2007, 7-Jan-2008

    A summary of significant security incidents/events tracked in the 2007 calendar year.

BEWARE: these vulnerability notes are not comprehensive. There are many more problems than these very few we've tried to address. Do not assume that addressing these issues makes your system secure. The best advice, as always, is to make sure your system is patched, a good anti-virus is installed, a firewall is configured and your system is hardened by removing services which aren't required.

See also our Security: How to collection and be vigilant about the US-CERT Current Activity report -- it's updated regularly.

(ed) Reg Quinton, Information Systems and Technology,