[IS&T Security-FYI] Recent Microsoft Updates for Windows do not include Word fix

[Monique Yeaton]

---------------------------------

The Microsoft Bulletin Summary released on December 12 concerns  
Security Bulletins MS06-072 through MS06-078, three of which are  
listed as Critical and four rated as Important. The software and  
systems affected are Windows 2000 SP4, Windows XP SP2, Windows XP  
Professional, Windows Server 2003, Visual Studio 2005, Windows Media  
Player 6.4 and Outlook Express versions 5.5 and 6.

A re-released patch for Excel 2002 (MS06-059) has also been included.

View Bulletin: <http://www.microsoft.com/technet/security/bulletin/ 
ms06-dec.mspx>

-----------------------------------
An Important Note on Word:
-----------------------------------

Although there are three known (zero-day) vulnerabilities in  
Microsoft Word, they are not being addressed with this release. A  
Microsoft spokesman said the company has not ruled out releasing a  
separate fix before the next monthly release in January 2007. The  
Word vulnerability, which affects at least nine Mac and PC versions  
of Word and Microsoft Works, has been given the highest possible  
alert rating of "extremely critical" by security firm Secunia. We  
recommend exercising caution when handling Word documents received  
from untrusted sources.

-------------------
Apply Updates:
-------------------

Not updating your software could leave your computer vulnerable to  
exploit code. We strongly suggest to update your system with these  
patches unless your local system administrator instructs you to do  
otherwise. Some of these updates may require restarts.

The very best first line of defense against vulnerabilities is to  
take Microsoft patches automatically whenever feasible. We want to  
thank everyone who already uses Microsoft's Automatic Update Service  
or MIT's local Windows Automatic Update Service. Using virus  
detection software such as McAfee's VirusScan <http://itinfo.mit.edu/ 
product.php?name=virusscan&platform=Windows> is also an effective way  
to protect your system.

Resources:

CERT Advisory
<http://www.us-cert.gov/cas/techalerts/TA06-346A.html>

Microsoft Security Bulletin Summary for December 2006
<http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx>

Microsoft Update
<https://update.microsoft.com/microsoftupdate/>

Windows Server Update Services
<http://www.microsoft.com/windowsserversystem/updateservices/ 
default.mspx>

Microsoft Office 2004 for Mac
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/ 
mac/download/office2004/Office2004_11.3.1.xml>

Microsoft Office v. X for Mac Security Update
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/ 
mac/download/officex/OfficeX_12_12_2006.xml>

Sincerely,

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715