[2258] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, April 12, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Apr 12 11:33:37 2010
Message-Id: <1AA1A161-C6CD-4CDB-BC7F-7BAC59A99D5B@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
Date: Mon, 12 Apr 2010 11:32:46 -0400
Cc: itss@MIT.EDU
In this issue:
1. Microsoft Security Updates
2. Unsupported Windows Platforms
3. Adobe Vulnerabilities
-------------------------------------
1. Microsoft Security Updates
-------------------------------------
On Tuesday, April 13, Microsoft intends to release 11 security
bulletins, 5 of which are critical, to address 25 vulnerabilities.
Systems affected:
* Windows and Windows Server (all supported versions)
* Office XP, 2003 and 2007
* Microsoft Exchange (all supported versions)
Read the advance notification in full here:
<http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx>
--------------------------------------------
2. Unsupported Windows Platforms
--------------------------------------------
Microsoft will be phasing out security updates for three of its
Windows platforms. It is therefore important that users add the newest
Service Pack for those platforms or upgrade to Windows 7.
The following platforms will no longer be receiving security updates:
* Windows XP Service Pack 2 - no longer supported after July 13, 2010.
  Recommended action: upgrade to Service Pack 3 or to Windows 7.
* Windows 2000 - no longer supported after July 13, 2010. Recommended
  action: upgrade to Windows 7.
* Windows Vista RTM (Released to Manufacturing) - no longer supported
  after April 13, 2010. Service Pack 1 will be supported until July 12,
  2011. Recommended action: update to Service Pack 2 or upgrade to
  Windows 7.
Microsoft Blog: <http://blogs.technet.com/msrc/archive/2010/04/08/april-2010-bulletin-release-advance-notification.aspx>
------------------------------
3. Adobe Vulnerabilities
------------------------------
There have been several security threats targeting Adobe software
lately. The most recent are:
* Adobe Acrobat and Reader: When users open a PDF that contains a launch
  action, they may be convinced to open a separate file via the dialog
  warning box that appears. The warning box does include wording to only
  open and execute files from trusted sources. The default setting is to
  not open the file. However, users can bypass this warning in
  Preferences by checking the box "Allow opening of non-PDF file
  attachments with external applications," which would make users
  vulnerable to dangerous files. An image of the default settings is
  available here: <http://blogs.adobe.com/adobereader/assets_c/2010/04/trust_mgr_pref-2598.html>
* Adobe Update: The update mechanism for Adobe has come under attack
  recently. Malware that bears identical icons and version details to an
  Adobe update can trick users into believing it is legitimate. The
  malware is a Trojan that can bypass antivirus software and systems.
  <http://blog.trendmicro.com/malware-spoof-an-adobe-update-and-vpskeys/>
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
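
One way a mail gateway or help desk could screen PDF attachments for the launch action described in the Adobe Acrobat and Reader item above, as an added example that is not part of the original newsletter. The function names and sample fragments are assumptions made for illustration; the scan covers uncompressed objects and Flate-compressed streams only, so encrypted files or other stream filters would need a full PDF parser.

```python
import re
import zlib

# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\f\r /<>\[\](){}%]*")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")   # "#61" is another spelling of "a"
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so /L#61unch compares equal to /Launch."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def _scan(data: bytes, where: str) -> list:
    # May also flag "/Launch" inside a text string; acceptable for triage.
    return [{"where": where, "offset": m.start(), "escaped": b"#" in m.group()}
            for m in _NAME.finditer(data)
            if decode_name(m.group()) == b"/Launch"]

def find_launch_actions(pdf: bytes) -> list:
    """List every /Launch name in the file body and in Flate-compressed streams."""
    hits = _scan(pdf, "body")
    for i, m in enumerate(_STREAM.finditer(pdf)):
        try:
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; other filters are out of scope here
        hits += _scan(inflated, f"stream {i}")
    return hits

# Constructed fragments, not complete PDF files; example.txt is a placeholder.
ACTION = b"<< /Type /Action /S /Launch /F (example.txt) >>\n"
PLAIN = b"1 0 obj\n" + ACTION + b"endobj\n"
ESCAPED = PLAIN.replace(b"/Launch", b"/L#61unch")
PACKED = (b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(ACTION * 3) + b"\nendstream\nendobj\n")
CLEAN = b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("escaped", ESCAPED),
                          ("packed", PACKED), ("clean", CLEAN)]:
        print(label, find_launch_actions(sample))
```

A hit with `escaped` set deserves extra attention, since a legitimate PDF producer has no reason to hex-escape letters in an action name.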