ITC Announcement/Important U.Va. Computer Security Issue Requiring Your Attention

February 13, 2004

This message was approved for distribution by Leonard W. Sandridge, Executive Vice President and Chief Operating Officer, and Gene D. Block, Vice President and Provost.

To All U.Va. Faculty and Staff,

Along with the rest of the world, the University continues to see serious security threats to computers through various mechanisms. A dangerous new Microsoft vulnerability has just been identified and can have severe implications if exploited. In order to thwart potential attacks, it is essential that all workstations be protected. Unprotected machines can become compromised and can seriously affect the confidentiality of data and productivity of University faculty and staff.

Several actions on your part (listed below) are required to solve this current threat and to protect against similar threats in the future.

Note: If your computer is managed by HSCS or Facilities Management, these actions will be performed by the local system administrator. If you are uncertain about systems administration of your device, contact your Local Support Partner (LSP). Faculty and staff at the UVa College at Wise should follow instructions provided by the Director of Technology at Wise.

  1. Windows users should run Windows Update immediately by going to

    http://windowsupdate.microsoft.com

    and installing all critical updates.

  2. Configure Windows computers to automatically apply critical updates daily. You have three choices:
    1. If you do not utilize the patch management service listed below, machines should be configured to automatically run Windows Update daily. Those instructions can be found at

      http://support.microsoft.com/default.aspx?scid=kb;EN-US;306525

    2. Take advantage of the new free Windows patch management service that automatically applies critical updates -- that have already been tested for the University environment -- to your computer. This service is available to faculty and staff through ITC (Information Technology and Communication). See

      http://www.itc.virginia.edu/microsys/patchmanagement.html

      or send email to itc-microsystems@virginia.edu.

    3. Your department can set up its own automatic patching system, and several have already done this.

  3. Both Windows and Macintosh users should configure their computers to automatically update virus definitions daily. For instructions, please look at the documentation on ITC's Software Central about configuring Norton AntiVirus at

    http://www.itc.virginia.edu/desktop/central/display/versions.php3?softwareID=19&nav=title

  4. All computers that connect to the U.Va. network should be registered. If your device is not already registered, this can be done at

    http://www.web.virginia.edu/microsys/register

    Registration enables quick and direct contact with users of compromised machines.

Thank you for your help with this very important issue.

Sincerely,
Robert E. Reynolds, M.D.
Vice President and Chief Information Officer

Posted 02/13/04

© 2008 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.