Students who dutifully contacted their information technology assistants at the start of the school year are now being told they need another patch --- for the same problem.
Last Wednesday, Microsoft released a new patch to fix three additional security flaws. The problems are in the DCOM RPC ports, which are electronic tools computers use to connect to the Internet. Flaws in these ports allowed the MS Blaster and Welchia worm to wreak havoc on computer systems across the nation earlier this summer.
As a preventative measure, the Office of Information Systems and Computing scanned campus computers for the flaw last Thursday, according to University Information Security Officer Dave Millar.
Of the 11,642 machines scanned by ISC, 7,524, or 64.6 percent, were vulnerable. Since the scan did not include Windows 98 users -- the flaw is found in most current Microsoft operating systems, with the notable exception of Me -- even more machines may be at risk, he said.
So far, no worm has been written to exploit these previously unseen flaws. However, Millar warned, one could be easily written by modifying the MS Blaster or Welchia code.
In order to address this potential risk, the ITAs are once again going door-to-door in the college houses to patch vulnerable machines.
"We want to be pre-emptive," Harrison College House ITA Manager and College senior Din Garcia said.
Although ITAs in Harrison and some other residences were hoping to get the majority of patching done by the end of today, some will be unable to do so due to the number of residents and ITA staff members.
"It was easier in the beginning of the year because there weren't set lab schedules," DuBois College House ITA Manager and Nursing senior Jamila Cowie said, adding that her house was in the process of determining when the repairs would be completed.
And the non-residential computing staff is on the move, too.
In order to give computing officials at the various schools, known as local support providers, time to install patches with minimal risk of attack, ISC blocked the use of some ports, Millar said. Officials were not sure when the ports would be turned back on.
User impact would be minimal, they added.
"We don't expect much of an impact from the student perspective," Director of Systems and Networking for Wharton Robert Zarazowski said.
Users "can't remotely mount a C-drive on a PennNet machine outside of Penn," Millar explained.
Although remotely accessing e-mail through Microsoft Outlook and Exchange was initially a concern, Millar said that ISC found a way to avoid the problem.
However, no numbers exist on how many servers or users would be affected by the port closings, he said.
"It seems like it's fine," said Bernadette Finnican, a second-year Wharton MBA who lives off-campus.
Although she had discussed the initial patch with Wharton Computing employees when setting up her computer, she said she did not know that another update was released on Tuesday.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.