By Bob Cowles
On July 16, Microsoft announced the availability of a
security patch for all NT-type systems (NT4, Windows 2000, Windows XP,
Windows 2003). This patch eliminates a problem that could allow a remote
attacker to execute code on your computer just by sending specially
crafted packets to it across the Internet. This vulnerability is similar
to last January’s SQL ‘Sapphire’ or ‘Slammer’ worm that spread in minutes.
How is SLAC Protecting Users from this Vulnerability?
• The network border router helps block attacks coming
from outside the SLAC network.
• Windows XP machines in the SLAC Active Directory were
patched remotely.
• Other systems are being patched as quickly as desktop
support people can get to them.
What Problems Can Result?
Attempts to exploit the vulnerability could result in
major outages for the Internet and/or large numbers of machines falling
under the control of attackers. These attackers could have full access to
all the data on your computer and could monitor everything you type at the
keyboard.
Remaining Vulnerability
The remaining vulnerability comes from SLAC users or staff
who connect unpatched Windows machines to the SLAC network (either
directly or through a VPN connection). This is a SERIOUS problem that can
be resolved only by bringing all systems up to date with critical patches.
Apply All Critical Patches
Desktop administrators have taken care of SLAC-supported
Windows computers on site. For non-SLAC maintained Windows machines
connected to the SLAC network directly or through a VPN, it is vitally
important that you log in with administrator privileges, bring up Internet
Explorer (IE) and run the Windows Update function. (The exact location
depends on the version of IE. For recent versions, check under the Tools
menu.)
If your system has not been patched recently, there may be
a large number of ‘critical updates’ to apply. You may have to go through
multiple download-install-reboot cycles. Do NOT attempt a shortcut by not
rebooting when instructed to do so—the result may be a non-functional
system. You should also refer to the computer manufacturer’s website,
typically in the support download section, for device drivers that should
be updated.
NT4 Machines: You will need to take additional steps.
Download and open the file at
http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d29e1a/Q823980i.EXE
and follow the instructions. Reboot to complete the patching process.
Remember, it’s a good idea to run Windows Update at least
once a week to apply any new patches to your home systems. If you are
running NT4, plan on moving to Windows XP as soon as possible since
security patches are no longer available.
Contact: Bob Cowles, Cyber Security, Ext. 4965, rdc@slac.stanford.edu