[IS&T Security-FYI] Microsoft Updates for Vulnerabilities in Microsoft Windows and Office
Monique Yeaton
myeaton at MIT.EDU
Wed Oct 11 17:14:49 EDT 2006
--------------------------------------------------
On October 10, 2006, Microsoft released updates to address ten
different vulnerabilities in Microsoft Windows, Internet Explorer,
and Microsoft Office. The Bulletin Summary released on Oct. 10
concerns Microsoft Security Bulletins MS06-056 through MS06-065, six
of which are critical. Two of the bulletins discuss previously
disclosed vulnerabilities.
Updates have been posted online or are automatically downloaded
through Microsoft's Automatic Update Service. If you use MIT's local
Windows Automatic Update Service (WAUS), the Windows updates will be
downloaded after the necessary testing, and notification of their
availability will be coming soon.
To download the updates manually go to:
For Microsoft Windows: <https://update.microsoft.com/microsoftupdate/>
For Microsoft Office: <http://officeupdate.microsoft.com/>
For Microsoft Office for Mac: <http://www.microsoft.com/mac/
default.aspx>
*** Until you download the updates, you may want to exercise extra
caution when receiving and opening e-mail attachments. If you are
unsure if the updates have been applied to your computer, or whether
you should apply them manually, contact your IT support person or the
Computing Help Desk <computing-help at mit.edu>. ***
----------------------
Windows Users:
----------------------
It is strongly recommended to update your Windows operating system
and any applications that are part of the Microsoft Office suite
(which may include Word, Excel, Access, FrontPage, Visio, Publisher,
InfoPath, Project, PowerPoint, Outlook and Entourage) unless your
local system administrator instructs you to do otherwise.
Affected Software:
Microsoft Windows (incl. Internet Explorer):
- XP Service Pack 1 or 2
- 2003, all editions including Itanium-based systems and x64 edition
- 2000 Service Pack 4
Microsoft Office:
- XP Service Pack 3
- 2003 Service Pack 1 or 2
- 2000 Service Pack 3
Resources:
Oct 2006 Bulletin Summary: <http://www.microsoft.com/technet/security/
bulletin/ms06-oct.mspx>
Microsoft Windows Update: <https://update.microsoft.com/
microsoftupdate/>
Microsoft Office Update: <http://officeupdate.microsoft.com/>
Windows Server Update Service: <http://www.microsoft.com/
windowsserversystem/updateservices/default.mspx>
MIT WAUS: <http://web.mit.edu/ist/topics/windows/updates/>
-----------------
Mac Users:
-----------------
For Macintosh, Microsoft released security update 11.3.0 for
Microsoft Office 2004 users and security update 10.1.8 for Microsoft
Office v. X users.
Affected Software:
Microsoft Office:
- v. X
- 2004 Standard Edition
- 2004 Student and Teacher Edition
- 2004 Professional Edition
For both 2004 and v. X editions:
- Microsoft Word for Mac
- Microsoft Excel for Mac
- Microsoft PowerPoint for Mac
- Microsoft Entourage for Mac.
System Requirements:
Mac OS X 10.2.8 (Jaguar) or later for the 11.3.0 update. If you want
to use Spotlight, Sync Services, or smart cards, you must be running
Mac OS X 10.4.3 (Tiger) or a later version.
Mac OS X 10.1 (Puma) or later for the 10.1.8 update.
To verify that your computer meets these minimum requirements, on the
Apple menu, click About this Mac.
Resources:
Office 2004 Update: <http://www.microsoft.com/mac/downloads.aspx?
pid=download&location=/mac/download/office2004/
Office2004_1130.xml&secid=4&ssid=31&flgnosysreq=True>
Office v. X Update: <http://www.microsoft.com/mac/downloads.aspx?
pid=download&location=/mac/download/officex/
OfficeX_1018.xml&secid=5&ssid=32&flgnosysreq=True>
Oct 2006 Bulletin Summary: <http://www.microsoft.com/technet/security/
bulletin/ms06-oct.mspx>
The very best first line of defense against vulnerabilities is to
take Microsoft patches automatically whenever feasible. We want to
thank everyone who already uses Microsoft's Automatic Update Service
or MIT's local Windows Automatic Update Service.
Thank you,
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715
More information about the ist-security-fyi
mailing list