Last revision May 7, 2004
Windows NT, 2000, XP, and 2003 Server contain a serious security flaw (called the LSASS vulnerability) that is being exploited by self-propagating worm programs on the Internet in the "Agobot/Gaobot/Phatbot" and "Sasser" families. Microsoft released a patch for this security flaw on April 13, 2004, named MS04-011 (KB835732). If you connect a Windows 2000 or XP computer to the Internet that does not have this patch, it is very likely that it will be infected by one or both of these worm families in a very short time. In one case in Earth Sciences, the PC was infected within four minutes of connecting to the network (after it had been off the network for a long time, and therefore not getting patches).
As part of the process of registering a Windows PC on the Earth Sciences network, you must install this patch while your PC is still on the "private" Earth Sciences net, where it is mostly shielded from these worms. You may also have been directed to this page if the system manager has determined that your already registered PC has, or is likely to have, the Agobot/Gaobot/Phatbot or Sasser worm, based on the network traffic pattern it is generating.
You must be logged into a Windows account with administrator privilege to install this patch.
WARNING: Some people have reported problems caused by installing this patch on Windows 2000 systems. In particular, Microsoft knowledge base article KB841382 notes that Windows 2000 systems that have the Nortel Networks VPN client or the "Imcide.sys" or "Dittape.sys" drivers installed, may become unusable after installing this MS04-011 critical update. They have a hotfix available by calling Microsoft (as described in that article). They also suggest disabling a specific agent within the Nortel Networks VPN client before installing this critical update. Very few people at Stanford are likely to have Nortel Networks VPN clients or the other two listed drivers installed on a Windows 2000 system. If you do, please be sure to review the KB841382 article before installing this critical update.
ITSS also reports that some computers crash after installing this update even though they don't fit the profile in Microsoft's KB841382 article (above). To avoid problems, ITSS recommends doing a full shutdown of the computer after installing this patch, all the way to power off, and then a power on, rather than a simple "restart". In some cases, the patch must be removed and re-installed in "Safe Mode".
If you follow the warnings above and your computer does not run correctly after installing this patch, then enter a HelpSU request to have our desktop support consultant review your system.
In spite of the occasional problems reported with this patch, you must install it to use your Windows PC on the Stanford network. Without this patch, your PC will be infected by a hacker worm program!
Download the patch installer program, named KB835732_installer.exe, and run it.
The KB835732 installer first checks to see if you already have the needed patch; if not, it will be installed. Note that this installer refers to the patch as the update for the "ASN.1" vulnerability. This patch fixes multiple vulnerabilities, of which ASN.1 is the first. The LSASS vulnerability, also fixed by this patch, is the one currently being exploited by hacker worm programs.