[235] in Security FYI
[Security-fyi] Security Advisory: High-Risk Microsoft Vulnerability
daemon@ATHENA.MIT.EDU (Tim McGovern)
Thu Feb 12 06:21:27 2004
Message-ID: <402AFBC4.8A2D034C@mit.edu>
Date: Wed, 11 Feb 2004 23:06:28 -0500
From: Tim McGovern <tjm@mit.edu>
MIME-Version: 1.0
To: aac-aoquery@mit.edu, itpartners@mit.edu, netusers@mit.edu,
security-fyi@mit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: client-security@mit.edu
cc: is&t@mit.edu
cc: rccsuper@mit.edu
cc: cfyi@mit.edu
Errors-To: security-fyi-bounces@mit.edu
Colleagues,
Please be aware of a developing security threat, and see below for
further details:
=============================================================
http://web.mit.edu/net-security/www/MS04-007.html
Date: February 11, 2004
Advisory: Microsoft Security Bulletin MS04-007
Vulnerable systems: Microsoft Windows computers only
Impact: Unpatched computers can be compromised by
remote intruders, leading to loss of data and
computer availability
Actions to Take:
1. Backup critical MIT and user data
2. Apply patch from Microsoft site
=============================================================
On 10 February 2004, Microsoft announced a critical patch for a major
vulnerability in all currently supported Windows operating systems. In an effort
to minimize the impact of this vulnerability, MIT's Network Security, in
conjunction with Information Services and Technology (IS&T), urges you to patch
all your Microsoft Windows systems immediately.
PROTECTING YOURSELF / TAKING PRECAUTIONS
--------------------------------------------
We want to thank the many departments and individuals who are already taking
Microsoft patches automatically. This action is the very best first line of
defense against vulnerabilities such as this one. If your computer is not set
to take patches automatically, you need to install the patch provided by
Microsoft to fix the security problem that gives remote intruders the means to
break into your computers. There are two ways to accomplish this.
We strongly recommend resolving this situation by going to Windows Update
(http://windowsupdate.microsoft.com/) and installing all Critical Updates. You
may need to repeat the update process until there are no more Critical Updates
to install, and this may require multiple restarts of your system.
If you have a local system administrator who maintains your computer, you should
consult with them first, and allow them to install this patch.
You can may obtain the update manually (along with additional technical details)
at Microsoft's bulletin MS04-007
(http://www.microsoft.com/technet/security/bulletin/MS04-007.asp). Go to the
"Download locations for this patch" section of that web page, located under
"Patch availability."
OPERATING SYSTEMS NOT SUPPORTED BY MICROSOFT
--------------------------------------------
Microsoft offers only limited support for the Windows 95, Windows 98, and
Windows ME operating systems. At this point, Microsoft has not commented on the
vulnerability of these platforms, and there are no patches available for them.
Based on Microsoft's support stance, IS&T strongly recommends that users on
these platforms migrate as quickly as possible to a supported OS. Upgrade media
is available by contacting Volume License Software Distribution <vsls@mit.edu>.
This patch is not currently a part of any service packs released by Microsoft.
Therefore it is not installed on your system unless you or your local system
administrator have installed it--either by downloading it from Microsoft or
visiting Windows Update since 11 February 2004.
GET HELP
--------------------------------------------
If you would like assistance from Information Services and Technology, please
contact the Computing Help Desk at x3-1101 or <computing-help@mit.edu>.
Tim McGovern
Information Services & Technology
IT Security Services
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
