[IS&T Security-FYI] Recent Microsoft Updates for Windows do not include Word fix
Monique Yeaton
myeaton at MIT.EDU
Thu Dec 14 15:20:00 EST 2006
---------------------------------
The Microsoft Bulletin Summary released on December 12 concerns
Security Bulletins MS06-072 through MS06-078, three of which are
listed as Critical and four rated as Important. The software and
systems affected are Windows 2000 SP4, Windows XP SP2, Windows XP
Professional, Windows Server 2003, Visual Studio 2005, Windows Media
Player 6.4 and Outlook Express versions 5.5 and 6.
A re-released patch for Excel 2002 (MS06-059) has also been included.
View Bulletin: <http://www.microsoft.com/technet/security/bulletin/
ms06-dec.mspx>
-----------------------------------
An Important Note on Word:
-----------------------------------
Although there are three known (zero-day) vulnerabilities in
Microsoft Word, they are not being addressed with this release. A
Microsoft spokesman said the company has not ruled out releasing a
separate fix before the next monthly release in January 2007. The
Word vulnerability, which affects at least nine Mac and PC versions
of Word and Microsoft Works, has been given the highest possible
alert rating of "extremely critical" by security firm Secunia. We
recommend exercising caution when handling Word documents received
from untrusted sources.
-------------------
Apply Updates:
-------------------
Not updating your software could leave your computer vulnerable to
exploit code. We strongly suggest to update your system with these
patches unless your local system administrator instructs you to do
otherwise. Some of these updates may require restarts.
The very best first line of defense against vulnerabilities is to
take Microsoft patches automatically whenever feasible. We want to
thank everyone who already uses Microsoft's Automatic Update Service
or MIT's local Windows Automatic Update Service. Using virus
detection software such as McAfee's VirusScan <http://itinfo.mit.edu/
product.php?name=virusscan&platform=Windows> is also an effective way
to protect your system.
Resources:
CERT Advisory
<http://www.us-cert.gov/cas/techalerts/TA06-346A.html>
Microsoft Security Bulletin Summary for December 2006
<http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx>
Microsoft Update
<https://update.microsoft.com/microsoftupdate/>
Windows Server Update Services
<http://www.microsoft.com/windowsserversystem/updateservices/
default.mspx>
Microsoft Office 2004 for Mac
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/
mac/download/office2004/Office2004_11.3.1.xml>
Microsoft Office v. X for Mac Security Update
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/
mac/download/officex/OfficeX_12_12_2006.xml>
Sincerely,
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715
More information about the ist-security-fyi
mailing list