[199] in Security FYI
[Security-fyi] A brief update on the MS03-026 situation on campus
daemon@ATHENA.MIT.EDU (Bob Mahoney)
Wed Jul 30 18:06:55 2003
Mime-Version: 1.0
Message-Id: <p05200f26bb4df132275d@[66.93.190.33]>
Date: Wed, 30 Jul 2003 18:05:44 -0400
To: security-fyi@MIT.EDU
From: Bob Mahoney <bobmah@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Errors-To: security-fyi-bounces@mit.edu
We've had some questions, so:
At the moment we have had roughly 190 machines compromised by this exploit. The attacks have been spread fairly evenly among administrative, faculty, and student machines.
We are seeing some escalation in the rate of compromise, with roughly 3 machines being successfully attacked every hour.
There has been some increased sophistication in the use of the compromised machines, such as machines being gathered together in a group that can be remotely controlled to act in concert. (One department had 14 machines compromised last night, and organized into such a network)
One new issue has come up: At least some Windows 2000 machines, which HAVE been patched, have been shown to still be vulnerable to a denial-of-service attack via this exploit. (XP appears to not share this problem) We're not aware of any examples of this on campus, but we'll pass along any available information should this become a factor.
-Bob
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
