[242] in Security FYI
[Security-fyi] Security Advisory: Critical Microsoft Vulnerability
daemon@ATHENA.MIT.EDU (Tim McGovern)
Fri Apr 16 15:21:18 2004
Message-ID: <408003FD.1060100@mit.edu>
Date: Fri, 16 Apr 2004 12:04:13 -0400
From: Tim McGovern <tjm@mit.edu>
MIME-Version: 1.0
To: aac-aoquery@mit.edu, itpartners@mit.edu, netusers@mit.edu,
security-fyi@mit.edu
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: is&t@mit.edu
cc: rccsuper@mit.edu
cc: cfyi@mit.edu
cc: itss@mit.edu
Errors-To: security-fyi-bounces@mit.edu
Colleagues,
Please be aware of a developing security threat, and see below for
further details:
=============================================================
Date: April 16, 2004
Advisory: Microsoft Security Bulletin MS04-011
Affected: Microsoft Windows computers only
Impact: Unpatched computers can be compromised by
remote intruders, leading to loss of data and
computer availability
Actions to Take:
1. Backup critical MIT and user data
2. Apply patch from Microsoft site
=============================================================
On April 13, Microsoft announced a critical patch for a major vulnerability in
all currently supported Windows operating systems. In an effort to minimize the
impact of this vulnerability, Information Technology Security Support urges you
to ensure that your Microsoft Windows systems are brought up to current patch
levels immediately.
PROTECTING YOURSELF / TAKING PRECAUTIONS
--------------------------------------------
We want to thank the many departments and individuals who are already taking
Microsoft patches automatically. This action is the very best first line of
defense against vulnerabilities such as this one. If your computer is not set
to take patches automatically, you need to install the patch provided by
Microsoft to fix the security problem that gives remote intruders the means to
break into your computers. There are two ways to accomplish this.
We strongly recommend resolving this situation by going to Windows Update
(http://windowsupdate.microsoft.com/) and installing all Critical Updates. You
may need to repeat the update process until there are no more Critical Updates
to install, and this may require multiple restarts of your system.
If you have a local system administrator who maintains your computer, you should
consult with them first, and allow them to install this patch.
You can may obtain the update manually (along with additional technical details)
at Microsoft's bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx).
Go to the "Tested Software and Security Update Download Locations" section of
that web page, and download the patch that pertains to your particular operating
system.
OPERATING SYSTEMS NOT SUPPORTED BY MICROSOFT
--------------------------------------------
Microsoft offers only limited support for the Windows 98 and Windows ME
operating systems. At this point, Microsoft does not believe this vulnerability
is critical for any of these platforms, and there are no patches available for
them.
Based on Microsoft's support stance, IS&T strongly recommends that users on
these platforms migrate as quickly as possible to a supported OS. Upgrade media
is available by contacting Volume License Software Distribution <vsls@mit.edu>.
This patch is not currently a part of any service packs released by Microsoft.
Therefore it is not installed on your system unless you or your local system
administrator have installed it--either by downloading it from Microsoft or
visiting Windows Update since 13 April 2004.
GET HELP
--------------------------------------------
If you would like assistance from Information Services and Technology, please
contact the Computing Help Desk at x3-1101 or <computing-help@mit.edu>.
Tim McGovern
Information Services & Technology
I/T Security Support
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
