[IS&T Security-FYI] Microsoft Updates for Vulnerabilities in Microsoft Windows and Office

Monique Yeaton myeaton at MIT.EDU
Wed Oct 11 17:14:49 EDT 2006 


--------------------------------------------------

On October 10, 2006, Microsoft released updates to address ten  
different vulnerabilities in Microsoft Windows, Internet Explorer,  
and Microsoft Office. The Bulletin Summary released on Oct. 10  
concerns Microsoft Security Bulletins MS06-056 through MS06-065, six  
of which are critical. Two of the bulletins discuss previously  
disclosed vulnerabilities.

Updates have been posted online or are automatically downloaded  
through Microsoft's Automatic Update Service. If you use MIT's local  
Windows Automatic Update Service (WAUS), the Windows updates will be  
downloaded after the necessary testing, and notification of their  
availability will be coming soon.

To download the updates manually go to:
For Microsoft Windows: <https://update.microsoft.com/microsoftupdate/>
For Microsoft Office: <http://officeupdate.microsoft.com/>
For Microsoft Office for Mac: <http://www.microsoft.com/mac/ 
default.aspx>

*** Until you download the updates, you may want to exercise extra  
caution when receiving and opening e-mail attachments. If you are  
unsure if the updates have been applied to your computer, or whether  
you should apply them manually, contact your IT support person or the  
Computing Help Desk <computing-help at mit.edu>. ***

----------------------
Windows Users:
----------------------

It is strongly recommended to update your Windows operating system  
and any applications that are part of the Microsoft Office suite  
(which may include Word, Excel, Access, FrontPage, Visio, Publisher,  
InfoPath, Project, PowerPoint, Outlook and Entourage) unless your  
local system administrator instructs you to do otherwise.

Affected Software:

Microsoft Windows (incl. Internet Explorer):
- XP Service Pack 1 or 2
- 2003, all editions including Itanium-based systems and x64 edition
- 2000 Service Pack 4

Microsoft Office:
- XP Service Pack 3
- 2003 Service Pack 1 or 2
- 2000 Service Pack 3

Resources:
Oct 2006 Bulletin Summary: <http://www.microsoft.com/technet/security/ 
bulletin/ms06-oct.mspx>
Microsoft Windows Update: <https://update.microsoft.com/ 
microsoftupdate/>
Microsoft Office Update: <http://officeupdate.microsoft.com/>
Windows Server Update Service: <http://www.microsoft.com/ 
windowsserversystem/updateservices/default.mspx>
MIT WAUS: <http://web.mit.edu/ist/topics/windows/updates/>

-----------------
Mac Users:
-----------------

For Macintosh, Microsoft released security update 11.3.0 for  
Microsoft Office 2004 users and security update 10.1.8 for Microsoft  
Office v. X users.

Affected Software:

Microsoft Office:
- v. X
- 2004 Standard Edition
- 2004 Student and Teacher Edition
- 2004 Professional Edition

For both 2004 and v. X editions:
- Microsoft Word for Mac
- Microsoft Excel for Mac
- Microsoft PowerPoint for Mac
- Microsoft Entourage for Mac.

System Requirements:
Mac OS X 10.2.8 (Jaguar) or later for the 11.3.0 update. If you want  
to use Spotlight, Sync Services, or smart cards, you must be running  
Mac OS X 10.4.3 (Tiger) or a later version.

Mac OS X 10.1 (Puma) or later for the 10.1.8 update.

To verify that your computer meets these minimum requirements, on the  
Apple menu, click About this Mac.

Resources:
Office 2004 Update: <http://www.microsoft.com/mac/downloads.aspx? 
pid=download&location=/mac/download/office2004/ 
Office2004_1130.xml&secid=4&ssid=31&flgnosysreq=True>

Office v. X Update: <http://www.microsoft.com/mac/downloads.aspx? 
pid=download&location=/mac/download/officex/ 
OfficeX_1018.xml&secid=5&ssid=32&flgnosysreq=True>

Oct 2006 Bulletin Summary: <http://www.microsoft.com/technet/security/ 
bulletin/ms06-oct.mspx>

The very best first line of defense against vulnerabilities is to  
take Microsoft patches automatically whenever feasible. We want to  
thank everyone who already uses Microsoft's Automatic Update Service  
or MIT's local Windows Automatic Update Service.

Thank you,

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715

More information about the ist-security-fyi mailing list