ARCHIVE SITE - Last updated Jan. 19, 2017. Please visit www.NACWA.org for the latest NACWA information.


Member Pipeline

Clean Water Current - October 24, 2008 Special Edition

Print

Vulnerability in Microsoft Windows Could Allow Remote Cyber Attacks

This morning, the Department of Homeland Security (DHS) began informing security partners, including NACWA, that Microsoft has identified a cyber vulnerability that impacts Windows-based remote access systems. 

Microsoft released an emergency “out of band” update to Windows (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx).  This is a vulnerability in the Windows Server service which could allow remote code execution through a specially crafted RPC request over the network.  On Windows 2000, Windows XP, and Windows Server 2003, the vulnerability may be invoked by unauthenticated users, and the vulnerability is rated critical.  On Windows Vista and Windows Server 2008 the users must be authenticated and the vulnerability is rated important.

This vulnerability is one of the rare type that could result in a true network worm, where a system could be successfully attacked over the network with no use or action at all.  The advisory states that “Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.”  Updates are available through all the usual channels including Windows Update.

The U.S. Computer Emergency Readiness Team (US-CERT) of DHS has more information about this vulnerability on its website, http://www.us-cert.gov/cas/techalerts/TA08-297A.html.  The website will be updated with any new information as it becomes available.  This information is public and may be made available to other utilities on a need to know basis.
 

Join NACWA Today

Membership gives you access to the tools to keep you up to date on legislative, regulatory, legal and management initiatives.

» Learn More

Legislative Update

Winter 2016 key

Regulatory Update

December 2016/January 2017 key

Member Update

Call For Nominations - 2017 NEAA Awards Members Only

Legal

Fall/Winter 2016 Update Members Only


Targeted Action Fund

Upcoming Events

Winter Conference
Next Generation Compliance …Where Affordability & Innovation Intersect
February 4 – 7, 2017
Tampa Marriott Waterside Hotel external.link
Tampa, FL

National Association of Clean Water Agencies
1130 Connecticut Ave. N.W., Washington D.C. 20036, p 202.833.2672, f 888.267.9505, info@nacwa.org
Terms & Conditions, ©2017 National Association of Clean Water Agencies