[AdvisorBits] GilbertWalker Group - Security Supplement 09-20-2001

John Walker john@jsw4.net
Thu, 20 Sep 2001 11:31:17 -0400


This is an urgent supplement to AdvisorBits, an informational newsletter
published monthly by GilbertWalker Group. We are releasing this information
now because of the extremely rapid propagation of the NIMDA worm/virus and
because of the damage caused to the network infrastructure by infected
hosts.

Our recommendation:

If you read email on a Windows machine, if you browse the web on a Windows
machine, or if you have a Windows IIS web server, YOU ARE VULNERABLE unless
you know you have applied all security updates to your Windows machine(s).
You must apply all Critical Updates to your operating system. Either ask
your network administrator for instructions, or open your MS Internet
Explorer browser (Netscape will not work), and go to:

http://windowsupdate.microsoft.com/

Click on "Product Updates" and follow instructions there to apply all
Critical Updates. (If you are on a dial-up link this may take a long time.)
You may have to repeat this process several times, rebooting your machine
between some of the updates. 

Windows 2000 should have Service Pack 2 and all the updates for Internet
Explorer 5.5 SP2. (We understand there may be a few kinks still in IE 6, and
don't really recommend installing this at the current time.)

Windows NT should have Service Pack 6a, and several additional security
updates, in addition to the latest updates and patches for Internet Explorer
5.5 SP2.

All versions of Windows are vulnerable, and should be updated in a similar
fashion, applying all Critical Updates.

If you run IIS, make sure you've applied all the patches; specific
instructions can be found at:
http://www.microsoft.com/technet/security/bulletin/MS01-044.asp

If you have been infected, the recommended course of action is to
immediately disconnect the host from the network, format the hard drives,
reinstall the operating system and reapply all service patches.

For more information, see this detailed Security Focus report, which also
contains links to information on various virus detection software for this
worm/virus:
http://www.incidents.org/react/nimda.php

WARNING:
It is not unheard of that upgrades like these will have adverse effects on
the stability of a few very specialized applications. Although generally it
is safe to install these upgrades, in rare instances the upgrades will cause
other problems. If you know or suspect this to be the case, you should
contact the software manufacturer, and ask how THEY recommend that you
protect yourself from this worm/virus.

If you require our assistance performing these updates or have additional
questions, please contact us to schedule an appointment
(info@gilbertwalker.com). For more information about GilbertWalker Group
LLC, please see our website: http://www.gilbertwalker.com