[Security-fyi] Critical Microsoft Security Patch Released

Monique Yeaton myeaton at MIT.EDU
Wed Sep 27 17:46:08 EDT 2006 


------------------------

For Windows Users:

If you are one of many Microsoft Internet Explorer users at MIT  
(recent analysis puts that number at around 40%) then you will want  
to make sure you have the recent update released by Microsoft. On  
September 26, 2006, Microsoft announced a fix for a major problem  
identified as Microsoft Bulletin MS06-055.

If you use a Windows machine running Internet Explorer you should  
apply the update immediately unless your local system administrator  
instructs you to do otherwise. The update is available automatically  
through WAUS http://web.mit.edu/ist/topics/windows/updates/ or from  
the Microsoft Security Bulletin page http://www.microsoft.com/technet/ 
security/Bulletin/MS06-055.mspx.

Summary of the problem: This patch addresses a user based exploit in  
the Vector Markup Language. If you happen to browse to a specially  
crafted Web page or view an HTML e-mail that exploits this  
vulnerability, malicious code could potentially be downloaded to your  
computer, causing serious problems.

Please take the steps recommended below according to the version of  
Windows you are running.

·      Microsoft Windows XP with Service Packs 1, 2 or Professional  
x64 Edition -- Download the update

·      Microsoft Windows Server 2003 with Service Pack 1 or SP1 for  
Itanium-based Systems  -- Download the update

·      Microsoft Windows Server 2003 for Itanium-based Systems or  
running x64 Edition -- Download the update

·      Microsoft Windows 2000 (all levels) -- Download the update

·      Other unsupported versions of Microsoft Windows -- Refer to  
the Microsoft Bulletin referenced above.


The very best first line of defense against vulnerabilities is to  
take Microsoft patches automatically whenever feasible. We want to  
thank everyone who already uses Microsoft's Automatic Update Service  
or MIT's local Windows Automatic Update Service, and if you already  
use one of these services, the patch has likely already been  
installed on your machine.

Thank you,

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20060927/656d1742/attachment.htm

More information about the ist-security-fyi mailing list