[IS&T Security-FYI] Critical Microsoft Updates Released Nov. 14
Monique Yeaton
myeaton at MIT.EDU
Thu Nov 16 10:27:57 EST 2006
------------------------
**Microsoft Updates are Released for Critical Vulnerabilities found
in Windows machines**
The Bulletin Summary Microsoft released this week concerns Security
Bulletins MS06-066 through MS06-071, five of which are listed as
Critical and one that is rated as Important.
<http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx>
Of most concern to the MIT community is MS06-070, a Workstation
Service Memory Corruption Vulnerability. It can affect some pre-
Windows XP SP2 machines as well XP SP2 machines that can be accessed
with administrative privilege. Server 2003 is not vulnerable.
Firewall best practices and standard default firewall configurations
can help protect networks from attacks that originate outside the
enterprise parameter. Best practices recommend that systems that are
connected to the Internet have a minimal number of ports exposed.
Updates have been posted online or are automatically downloaded
through Microsoft's Automatic Update Service. If you use MIT's local
Windows Automatic Update Service (WAUS), the Windows updates will be
downloaded after the necessary testing.
Download the update for Windows 2000:
http://www.microsoft.com/downloads/details.aspx?familyid=3ad5c57d-
d3f6-46a1-8dee-3e16d0977f80&displaylang=en
Download the update for Windows XP:
http://www.microsoft.com/downloads/details.aspx?
familyid=f4c8e767-4ed2-4e36-aa43-612f3017efc7&displaylang=en
----------------
The Microsoft updates address 6 different vulnerabilities in
-Windows 2000 and XP2
-Internet Explorer
-Macromedia Flash Player
-Microsoft Agent
-Microsoft XML core Service
-Client Service for NetWare.
To download all of the updates manually:
Visit Windows Update <http://go.microsoft.com/?LinkID=275655> and
click "Scan for updates."
Visit the Protect your PC site <http://go.microsoft.com/?
LinkID=263669> to learn how to have the latest security updates
delivered directly to your computer.
The very best first line of defense against vulnerabilities is to
take Microsoft patches automatically whenever feasible. We want to
thank everyone who already uses Microsoft's Automatic Update Service
or MIT's local Windows Automatic Update Service.
----------------
Resources:
Nov 2006 Bulletin Summary, which includes details of each of the
vulnerabilities: <http://www.microsoft.com/technet/security/bulletin/
ms06-nov.mspx>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715
More information about the ist-security-fyi
mailing list