[264] in Security FYI
[Security-fyi]
daemon@ATHENA.MIT.EDU (Tim McGovern)
Wed Jan 12 16:43:38 2005
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: <0895EEE9-64DD-11D9-AFE6-000A95ABC792@mit.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: I/T Security FYI List <security-fyi@mit.edu>
From: Tim McGovern <tjm@mit.edu>
Date: Wed, 12 Jan 2005 16:00:47 -0500
Errors-To: security-fyi-bounces@mit.edu
Colleagues,
IS&T's I/T Security Support is notifying the community of multiple
security problems which affect the users of Microsoft Windows
computers.
On January 11, 2005, Microsoft announced a fix for two major problems
within one or more Windows operating systems supported by MIT. The
specific vulnerabilities are listed as critical and would allow remote
code to be executed on your system. There was another fix also
announced, but of lower criticality. For more information on
Microsoft's ratings of security vulnerabilities, refer to
http://www.microsoft.com/technet/security/bulletin/rating.mspx.
The first critical vulnerability is identified as Microsoft Security
Bulletin MS05-001 -- Vulnerability in HTML Help Could Allow Code
Execution
(http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx).
The second critical vulnerability is identified as Microsoft Security
Bulletin MS05-002 -- Vulnerability in Cursor and Icon Format Handling
Could Allow Remote Code Execution
(http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx).
These critical vulnerabilities could possibly give someone the ability
to break into, and use, your computer for their own purposes. If this
happens your personal, sensitive or other data may be revealed or
destroyed. It may also result in your computer being used to break
into other computers here at MIT or elsewhere.
We suggest that the updates be applied to all of your affected
Microsoft Windows systems immediately unless your local system
administrator -- the person who maintains your computer's software --
has instructed you to do otherwise. Please take the steps recommended
below according to the version of Windows you are running.
Windows XP Service Pack 2 Apply the update provided by Microsoft
for MS05-001 only;
Windows XP Service Pack 2 is not affected
by MS05-002.
Windows XP Service Pack 1 Either upgrade to Windows XP Service Pack
2 or apply both updates
provided by Microsoft.
Windows 2000 (all levels) Either upgrade to Windows XP Service Pack
2 or apply updates
provided by Microsoft.
Other unsupported versions Refer to the Microsoft Bulletins
referenced above.
of Microsoft Windows
The very best first line of defense against vulnerabilities is to take
Microsoft patches automatically whenever feasible. We want to thank
everyone who already uses Microsoft's Automatic Update service
(http://windowsupdate.microsoft.com/) or MIT's local Windows Update
Service (http://waus.mit.edu/), and if you already use one of these
services, the patch has likely already been installed on your machine.
For further assistance, please contact IS&T I/T Security Support at
<security@mit.edu>, or the IS&T Computing Help Desk at x3-1101 or
<computing-help@mit.edu>.
Tim McGovern
Manager, I/T Security Support
Client Support Services
Information Services & Technology
Massachusetts Institute of Technology
77 Massachusetts Ave. Room N42-040k
Cambridge MA 02139-4307
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
