[2191] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, February 8, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Feb 8 10:24:01 2010
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 8 Feb 2010 10:23:15 -0500
Message-ID: <E3560CFE983F2C4C82277F69E11BCF3A014EAC16D4@EXPO8.exchange.mit.edu>
Cc: "itss@mit.edu" <itss@mit.edu>
In this issue:
1. Microsoft Security Updates
2. Microsoft Warns of IE Flaw
3. Laptop Loss & Theft at MIT

---------------------------------------
1. Microsoft Security Updates
---------------------------------------
On Tuesday, February 9, Microsoft intends to release 13 security bulletins, 5 of which are critical, to address 26 vulnerabilities. Systems affected:
• Windows (all supported versions)
• Office XP, 2003, and 2004 for Mac
In addition to the patches, Microsoft is also planning to release an updated version of the Microsoft Malicious Software Removal Tool.
Read the advance notification in full here: <http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx>

---------------------------------------
2. Microsoft Warns of IE Flaw
---------------------------------------
Last week Microsoft issued Security Advisory 980088 to address a vulnerability in Internet Explorer that may allow information disclosure for Windows XP users who have disabled Internet Explorer Protected Mode. The advisory explains that content can be found to render incorrectly from local files in such a way that information can be exposed to malicious websites. A demo provided by Core Security Technologies at the Black Hat DC conference last week showed how an attacker could read every file on a filesystem when a user was running Internet Explorer.
Versions affected:
• IE 6, 7, and 8 on supported editions of Windows XP and Windows Server 2003
Microsoft noted that Protected Mode prevents exploitation of this vulnerability and is running by default in IE 7 and IE 8 on Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
No patch has been released yet for this vulnerability.
Read the full bulletin here: <http://www.microsoft.com/technet/security/advisory/980088.mspx>

---------------------------------------
3. Laptop Loss & Theft at MIT
---------------------------------------
According to a report by Dell Inc., a laptop is lost or stolen every 53 seconds in the U.S. At MIT, the number of reported lost or stolen computers averages around 100 per year. While those numbers are certainly not as impressive, think about how it would affect you should your laptop go missing.
There are various steps you can take to protect the information on your laptop in the event it falls into the wrong hands. Tips for laptop protection can be found here: <http://ist.mit.edu/security/support/traveling>
In addition, there are steps you can take to deter a thief from taking your laptop. The MIT police offer STOP tags to anyone who registers their laptop on campus. STOP tags are a loss prevention measure and a visible deterrent against theft of small electronic devices. Once the tag is applied, it takes 24 hours for the glue to cure. After that, it takes up to 800 pounds of pressure to remove the tag. If removed, it leaves a tattoo stating "stolen property".
You can have your laptop tagged and registered for only $10 cash on the following dates. (Techcash is not accepted. If this is a departmental payment, be sure you have the cost object code so the fee can be charged back to your department.)
February 10, 11:30 - 1:30
Student Street in Stata
February 17, 11:30 - 1:30
Student Street in Stata
February 18, 11:30 - 1:30
Lobby 10
For more information on computer loss, theft and theft deterrents see: <http://ist.mit.edu/security/support/loss>

Monique Yeaton
IT Security Awareness Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security