[IS&T Security-FYI] Newsletter, Feb. 15, 2007

Monique Yeaton myeaton at MIT.EDU
Thu Feb 15 16:35:11 EST 2007


Covered in this issue:

++ Microsoft has released its February 2007 security updates this
week; below is our summary of these latest ones.

++ Unless you've been living under a rock, you'll have heard about
Microsoft's latest operating system, Vista, being released to the
public. MIT notified the community recently of its limited support of
Vista, recommending that Windows users wait to upgrade until later
this year. Learn more about this and what your security concerns
should be with regard to Vista.

++ Giving recommendations for other security awareness newsletters is
my way of advising you to stay up to date on the latest security
issues however you can. SANS provides a wonderful newsletter called
"Ouch!" which I recommend people subscribe to.

++ Our tip of the week is written in response to increased DMCA
notices at MIT.


1. Microsoft's February 2007 Security Updates (Patch Tuesday)
2. Release of Vista
3. SANS Ouch! Newsletter
4. Tip: Avoid Copyright Infringement


--------------------------------------------------------------
1. Microsoft's February 2007 Security Patches
--------------------------------------------------------------

On February 13, Patch Tuesday, Microsoft released 12 updates for the  
following software or components:

- Windows (2 Critical, 3 Important)
- Windows Interactive Training (1 Important)
- Microsoft Antivirus (1 Critical)
- Internet Explorer (1 Critical)
- Office or Works (2 Critical, 1 Important)
- Visual Studio (1 Important)

**Note: Microsoft Windows Malicious Software Removal Tool update**

Microsoft also released an updated version of the Malicious Software  
Removal Tool on Windows Server Update Service (WSUS), Windows Update  
(WU) and the Download Center. This tool will NOT be distributed using  
Software Update Services (SUS).

If you have Automatic Updates enabled on your system, the updates are  
delivered to you when they are released, but you have to make sure  
you install them. We recommend that you take the updates unless you
have specific information indicating that one is incompatible with an
application you need to use. You will have to restart your computer  
after applying the patches.

Detailed descriptions of the 12 updates are in Microsoft Security  
Bulletins MS07-005 through MS07-016, available here:
<http://www.microsoft.com/technet/security/bulletin/ms07-Feb.mspx>

End users who wish to skip the details and go right to the download  
page can go here:
<http://www.microsoft.com/athome/security/update/bulletins/200702.mspx>

Visit the Protect your PC site
<http://www.microsoft.com/athome/security/default.mspx> to learn how
to have the latest security updates delivered directly to your
computer.

Eleven of the patches have been released by MIT WAUS. Deployment of
the 12th, MS07-013, has been temporarily deferred while application
compatibility issues are addressed with a product called Connexion,
used by the MIT Libraries.
<http://web.mit.edu/ist/topics/windows/updates/>

Thank you for using WAUS or the Microsoft Update services. The best  
line of defense against viruses and other malware is to keep your  
system and software up to date.


--------------------------
2. Release of Vista
--------------------------

MIT's recommendation is to wait to upgrade to Vista until more  
software becomes compatible with the new operating system. In  
addition to usability issues, the incompatibility problem also raises  
some security concerns. For instance, TSM backup currently fails.
VirusScan 8.0i doesn't work on Vista (although the newest version is
being released by MIT soon). Kerberos KFW 2.6.5 has functionality
problems with Vista. VPN fails. Any of these issues may put either
your data or your system at risk if you do upgrade to Vista prior to
the recommended timeline.

In addition, system requirements for PCs running Vista are much  
greater than for those running XP or earlier versions of Windows. If  
you are running Vista on a system that can't handle it, you may lose  
productivity and compromise data security.

To keep track of the Software Release Team's (SWRT) latest findings  
on Vista or to learn more about Vista please see the links below.

Vista Notebook: <http://web.mit.edu/swrt/releases/vista/>
Vista Product Information: <http://itinfo.mit.edu/product.php?vid=735>


-----------------------------------
3. SANS Ouch! Newsletter
-----------------------------------

The monthly Ouch! newsletter from the SANS (SysAdmin, Audit, Network,  
Security) Institute shows end users "how to avoid phishing and other  
scams plus viruses and malware using the latest attacks as examples."  
You can visit the website below to either download the latest issue  
or you can sign up for a free subscription. You can never be too  
informed about how to avert the latest computer threats.

<http://www.sans.org/newsletters/ouch/>


-------------------------------------------------
4. Tip: Avoid Copyright Infringement
-------------------------------------------------

With the huge increase of DMCA notices in the past six months at MIT,  
it appears that copyright holders are more aggressively going after  
infringers. What many don't know is what constitutes a copyright  
infringement.

In short, copyright infringement occurs when, without the permission
of the copyright holder, you download and/or distribute files
containing their copyrighted songs, movies, games, software, etc.,
thereby violating the copyright holder's rights and the law.

A security concern is that opening up peer-to-peer file sharing can  
make your computer vulnerable to viruses and can compromise your  
privacy if other users gain access to files on your hard drive you  
did not intend to share.

To learn more about the policies and rules of copyright at MIT visit  
<http://web.mit.edu/copyright>.

If you have any questions, you may contact us at <security at mit.edu>.

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security






