Critical security issue on Windows 7 and XP computers

[Canale, Andrew]

Hi All,

A critical security vulnerability has been discovered, which affects computers running Microsoft Windows 7 and earlier (including XP, server 2008). Windows 8 and 10 are unaffected.
The vulnerability compromises the Remote Desktop Protocol, and would allow malicious actors to access vulnerable computers. It also can spread automatically across a network once it's introduced.

Microsoft has released an update patch to defend against this, and the university is directing IT staff to apply this patch as widely as possible today (a 'drop everything and fix' priority level). We have deployed the patch automatically and a majority of our computers are already applying the patch. However, we have identified some systems that are not patching correctly. Given the criticality and time-sensitive nature in this case, today I may connect over the network to affected computers, in order to apply the patch manually. There will almost certainly be more to do next week including physical visits to some computers, so please look out for further communications.

More info: https://nvd.nist.gov/vuln/detail/CVE-2019-0708

Thank you for your patience and understanding.

Andrew

[cid:image002.png at 01D424CE.59244880]
Andrew D. Canale
Systems Manager
College of Arts and Sciences Technology Services
1199 Physics Research Building, 191 W Woodruff Ave, Columbus, OH 43210
614-292-4767 Office
canale.6 at osu.edu<mailto:canale.6 at osu.edu> asctech.osu.edu<http://asctech.osu.edu/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/physics-staff-df/attachments/20190517/530c6550/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3056 bytes
Desc: image001.png
URL: <http://lists.osu.edu/pipermail/physics-staff-df/attachments/20190517/530c6550/attachment.png>