[IS&T Security-FYI] Critical Microsoft Updates Released Nov. 14

Monique Yeaton myeaton at MIT.EDU
Thu Nov 16 10:27:57 EST 2006 

------------------------

**Microsoft Updates are Released for Critical Vulnerabilities found  
in Windows machines**

The Bulletin Summary Microsoft released this week concerns Security  
Bulletins MS06-066 through MS06-071, five of which are listed as  
Critical and one that is rated as Important.

<http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx>

Of most concern to the MIT community is MS06-070, a Workstation  
Service Memory Corruption Vulnerability. It can affect some pre- 
Windows XP SP2 machines as well XP SP2 machines that can be accessed  
with administrative privilege.  Server 2003 is not vulnerable.

Firewall best practices and standard default firewall configurations  
can help protect networks from attacks that originate outside the  
enterprise parameter. Best practices recommend that systems that are  
connected to the Internet have a minimal number of ports exposed.

Updates have been posted online or are automatically downloaded  
through Microsoft's Automatic Update Service. If you use MIT's local  
Windows Automatic Update Service (WAUS), the Windows updates will be  
downloaded after the necessary testing.

Download the update for Windows 2000:
http://www.microsoft.com/downloads/details.aspx?familyid=3ad5c57d- 
d3f6-46a1-8dee-3e16d0977f80&displaylang=en

Download the update for Windows XP:
http://www.microsoft.com/downloads/details.aspx? 
familyid=f4c8e767-4ed2-4e36-aa43-612f3017efc7&displaylang=en

----------------

The Microsoft updates address 6 different vulnerabilities in

-Windows 2000 and XP2
-Internet Explorer
-Macromedia Flash Player
-Microsoft Agent
-Microsoft XML core Service
-Client Service for NetWare.

To download all of the updates manually:
Visit Windows Update <http://go.microsoft.com/?LinkID=275655> and  
click "Scan for updates."

Visit the Protect your PC site <http://go.microsoft.com/? 
LinkID=263669> to learn how to have the latest security updates  
delivered directly to your computer.

The very best first line of defense against vulnerabilities is to  
take Microsoft patches automatically whenever feasible. We want to  
thank everyone who already uses Microsoft's Automatic Update Service  
or MIT's local Windows Automatic Update Service.

----------------

Resources:

Nov 2006 Bulletin Summary, which includes details of each of the  
vulnerabilities: <http://www.microsoft.com/technet/security/bulletin/ 
ms06-nov.mspx>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715

More information about the ist-security-fyi mailing list