[310] in Security FYI
[Security-fyi] Critical Microsoft Security Patch Released
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Wed Sep 27 17:47:40 2006
Mime-Version: 1.0 (Apple Message framework v752.2)
To: security-fyi@MIT.EDU
Message-Id: <D336E1EC-B339-49FC-9D13-A5FB1657CE46@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
Date: Wed, 27 Sep 2006 17:46:08 -0400
Content-Type: multipart/mixed; boundary="===============0289475746=="
Errors-To: security-fyi-bounces@MIT.EDU
--===============0289475746==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
You have received this email because you are on the Security-fyi Mailing List.
If you wish to change your mailing list settings or if you wish to unsubscribe, access the Mailman list information using the browser link at the foot of this message.
If you wish to post to the list, please send your message to security-fyi@mit.edu.
If you would like to contact the list owner, please send a message to security-fyi-owner@mit.edu.
--===============0289475746==
Content-Type: multipart/alternative; boundary=Apple-Mail-16-697742064
--Apple-Mail-16-697742064
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=ISO-8859-1;
delsp=yes;
format=flowed
------------------------
For Windows Users:
If you are one of many Microsoft Internet Explorer users at MIT =20
(recent analysis puts that number at around 40%) then you will want =20
to make sure you have the recent update released by Microsoft. On =20
September 26, 2006, Microsoft announced a fix for a major problem =20
identified as Microsoft Bulletin MS06-055.
If you use a Windows machine running Internet Explorer you should =20
apply the update immediately unless your local system administrator =20
instructs you to do otherwise. The update is available automatically =20
through WAUS http://web.mit.edu/ist/topics/windows/updates/ or from =20
the Microsoft Security Bulletin page http://www.microsoft.com/technet/=20=
security/Bulletin/MS06-055.mspx.
Summary of the problem: This patch addresses a user based exploit in =20
the Vector Markup Language. If you happen to browse to a specially =20
crafted Web page or view an HTML e-mail that exploits this =20
vulnerability, malicious code could potentially be downloaded to your =20=
computer, causing serious problems.
Please take the steps recommended below according to the version of =20
Windows you are running.
=B7 Microsoft Windows XP with Service Packs 1, 2 or Professional =20=
x64 Edition -- Download the update
=B7 Microsoft Windows Server 2003 with Service Pack 1 or SP1 for =20=
Itanium-based Systems -- Download the update
=B7 Microsoft Windows Server 2003 for Itanium-based Systems or =20
running x64 Edition -- Download the update
=B7 Microsoft Windows 2000 (all levels) -- Download the update
=B7 Other unsupported versions of Microsoft Windows -- Refer to =20
the Microsoft Bulletin referenced above.
The very best first line of defense against vulnerabilities is to =20
take Microsoft patches automatically whenever feasible. We want to =20
thank everyone who already uses Microsoft's Automatic Update Service =20
or MIT's local Windows Automatic Update Service, and if you already =20
use one of these services, the patch has likely already been =20
installed on your machine.
Thank you,
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
--Apple-Mail-16-697742064
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=ISO-8859-1
<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV>------------------------<DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV class=3D"MsoNormal">For =
Windows Users:</DIV><DIV class=3D"MsoNormal"><BR =
class=3D"khtml-block-placeholder"></DIV><DIV class=3D"MsoNormal">If you =
are one of many Microsoft Internet Explorer users at MIT (recent =
analysis puts that number at around 40%) then you will want to make sure =
you have the recent update released by Microsoft. On September 26, 2006, =
Microsoft announced a fix for a major problem identified as Microsoft =
Bulletin MS06-055. </DIV><DIV class=3D"MsoNormal">=A0<O:P></O:P></DIV><DIV=
class=3D"MsoNormal">If you use a Windows machine running Internet =
Explorer you should apply the update immediately unless your local =
system administrator instructs you to do otherwise. The update is =
available automatically through WAUS <A =
href=3D"http://web.mit.edu/ist/topics/windows/updates/">http://web.mit.edu=
/ist/topics/windows/updates/</A> or from the Microsoft Security Bulletin =
page <A =
href=3D"http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx">=
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx</A>. =
</DIV><DIV class=3D"MsoNormal">=A0<O:P></O:P></DIV><DIV =
class=3D"MsoNormal">Summary of the problem: This patch addresses a user =
based exploit in the Vector Markup Language.=A0If you happen to browse =
to a specially crafted Web page or view an HTML e-mail that exploits =
this vulnerability,<SPAN style=3D"mso-spacerun: yes">=A0</SPAN>malicious =
code could potentially be downloaded to your computer, causing serious =
problems. </DIV><DIV class=3D"MsoNormal">=A0<O:P></O:P></DIV><DIV =
class=3D"MsoNormal">Please take the steps recommended below according to =
the version of Windows you are running.</DIV><DIV =
class=3D"MsoNormal">=A0<O:P></O:P></DIV><P class=3D"MsoNormal" =
style=3D"text-indent: -24px;margin-left: 0.25in; "><SPAN style=3D""><FONT =
class=3D"Apple-style-span" face=3D"Symbol">=B7</FONT><SPAN =
style=3D"font:7.0pt " times=3D"" new=3D"" roman""=3D"">=A0=A0=A0=A0=A0 =
</SPAN></SPAN>Microsoft Windows XP with Service Packs 1, 2 or =
Professional x64 Edition -- Download the update</P><P class=3D"MsoNormal" =
style=3D"text-indent: -24px;margin-left: 0.25in; "><SPAN style=3D""><FONT =
class=3D"Apple-style-span" face=3D"Symbol">=B7</FONT><SPAN =
style=3D"font:7.0pt " times=3D"" new=3D"" roman""=3D"">=A0=A0=A0=A0=A0 =
</SPAN></SPAN>Microsoft Windows Server 2003 with Service Pack 1 or SP1 =
for Itanium-based Systems<SPAN style=3D"mso-spacerun: yes">=A0 </SPAN>-- =
Download the update</P><P class=3D"MsoNormal" style=3D"text-indent: =
-24px;margin-left: 0.25in; "><SPAN style=3D""><FONT =
class=3D"Apple-style-span" face=3D"Symbol">=B7</FONT><SPAN =
style=3D"font:7.0pt " times=3D"" new=3D"" roman""=3D"">=A0=A0=A0=A0=A0 =
</SPAN></SPAN>Microsoft Windows Server 2003 for Itanium-based Systems or =
running x64 Edition -- Download the update</P><P class=3D"MsoNormal" =
style=3D"text-indent: -24px;margin-left: 0.25in; "><SPAN style=3D""><FONT =
class=3D"Apple-style-span" face=3D"Symbol">=B7</FONT><SPAN =
style=3D"font:7.0pt " times=3D"" new=3D"" roman""=3D"">=A0=A0=A0=A0=A0 =
</SPAN></SPAN>Microsoft Windows 2000 (all levels) -- Download the =
update</P><P class=3D"MsoNormal" style=3D"text-indent: =
-24px;margin-left: 0.25in; "><SPAN style=3D""><FONT =
class=3D"Apple-style-span" face=3D"Symbol">=B7</FONT><SPAN =
style=3D"font:7.0pt " times=3D"" new=3D"" roman""=3D"">=A0=A0=A0=A0=A0 =
</SPAN></SPAN>Other unsupported versions of Microsoft Windows -- Refer =
to the Microsoft Bulletin referenced above.</P><DIV class=3D"MsoNormal" =
style=3D"text-indent: 0px;">=A0<O:P></O:P></DIV><DIV =
class=3D"MsoNormal">The very best first line of defense against =
vulnerabilities is to take Microsoft patches automatically whenever =
feasible. We want to thank everyone who already uses Microsoft's =
Automatic Update Service or MIT's local Windows Automatic Update =
Service, and if you already use one of these services, the patch has =
likely already been installed on your machine.</DIV><DIV =
class=3D"MsoNormal"><BR class=3D"khtml-block-placeholder"></DIV><DIV =
class=3D"MsoNormal">Thank you,</DIV><DIV><BR><DIV> <SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><DIV>Monique =
Yeaton</DIV><DIV>IT Security Awareness Consultant</DIV><DIV>MIT =
Information Services & Technology (IS&T)</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR =
class=3D"Apple-interchange-newline"></SPAN></SPAN> =
</DIV><BR></DIV></BODY></HTML>=
--Apple-Mail-16-697742064--
--===============0289475746==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
--===============0289475746==--
