[Security-fyi] Critical Microsoft Security Patch Released
Monique Yeaton
myeaton at MIT.EDU
Wed Sep 27 17:46:08 EDT 2006
------------------------
For Windows Users:
If you are one of many Microsoft Internet Explorer users at MIT
(recent analysis puts that number at around 40%) then you will want
to make sure you have the recent update released by Microsoft. On
September 26, 2006, Microsoft announced a fix for a major problem
identified as Microsoft Bulletin MS06-055.
If you use a Windows machine running Internet Explorer you should
apply the update immediately unless your local system administrator
instructs you to do otherwise. The update is available automatically
through WAUS http://web.mit.edu/ist/topics/windows/updates/ or from
the Microsoft Security Bulletin page http://www.microsoft.com/technet/
security/Bulletin/MS06-055.mspx.
Summary of the problem: This patch addresses a user based exploit in
the Vector Markup Language. If you happen to browse to a specially
crafted Web page or view an HTML e-mail that exploits this
vulnerability, malicious code could potentially be downloaded to your
computer, causing serious problems.
Please take the steps recommended below according to the version of
Windows you are running.
· Microsoft Windows XP with Service Packs 1, 2 or Professional
x64 Edition -- Download the update
· Microsoft Windows Server 2003 with Service Pack 1 or SP1 for
Itanium-based Systems -- Download the update
· Microsoft Windows Server 2003 for Itanium-based Systems or
running x64 Edition -- Download the update
· Microsoft Windows 2000 (all levels) -- Download the update
· Other unsupported versions of Microsoft Windows -- Refer to
the Microsoft Bulletin referenced above.
The very best first line of defense against vulnerabilities is to
take Microsoft patches automatically whenever feasible. We want to
thank everyone who already uses Microsoft's Automatic Update Service
or MIT's local Windows Automatic Update Service, and if you already
use one of these services, the patch has likely already been
installed on your machine.
Thank you,
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20060927/656d1742/attachment.htm
More information about the ist-security-fyi
mailing list