Campus finds security flaw, advises immediate update

The campus scanning service has detected a serious security vulnerability in many systems connected to the UC Davis computer network. If you run a computer that uses a Microsoft operating system, and have not patched it yet, you need to patch it now.

On Nov. 3 the campus changed the daily campus Nessus scan to detect a critical issue described in Microsoft Corp. security bulletin MS08-067, or "Vulnerability in Server Service Could Allow Remote Code Execution."

The remote procedure call vulnerability, Microsoft says, could be used to create "a wormable exploit." A worm is a self-replicating computer virus that can do significant damage. Microsoft released a patch to fix the problem on Oct. 23, meaning that customers who update their systems at least weekly should have already applied it. If not, they should install the patch now.

Campus system administrators can check information posted at secalert.ucdavis.edu to see if their systems are vulnerable. Technical contacts for VLANs (virtual local area networks) will receive an email notice if the scan reveals the vulnerability on their networks.

Information and Educational Technology is also blocking malicious traffic from the exploit.

To help keep the UC Davis computer network and your own devices secure as a matter of routine, run Windows Updates on any systems that connect to the network. Read more here. Direct questions to IT Express, the Campus Computing Services Help Desk, at (530) 754-HELP (4357).