Affected service(s): (Please see the list of impacted services below in the message body)
Start date and time: 04/14/22 08:00 PM
End date and time: 04/14/22 09:00 PM
ISC will be patching ISC-managed Windows servers, tonight at 8 PM, for a recently discovered critical vulnerability. The vulnerability is in the Microsoft RPC service and could be exploited to allow an attacker to use remote code execution to gain control over systems. Although the targeted port is blocked at the border firewall, an attacker could still use a proxy system inside the Penn network to gain access.
Reboots of impacted servers will be required, and a brief outage should be expected. The impacted services include, but are not limited to:
- KITE AD
- Active Roles
- Virtual Desktop
- Penn Global iOffice
- BlackBoard
- SALTO
- StarRez
- Inn@Penn
- BigFix
- ACD/ININ
- Law, GSE, SP2 Pharos
- OAC Teammate
- Qlikview/nPrint
- Fres Tririga
- Polaris
For more information about the vulnerability, please see:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809