[IS&T Security-FYI] Newsletter, August 22, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Aug 22 16:00:20 EDT 2008 

In this issue:

1. Warning for Red Hat and Fedora Users
2. Microsoft Updates for August 2008


-----------------------------------------------------
1. Warning for Red Hat and Fedora Users
-----------------------------------------------------

For users running Red Hat, it appears that Red Hat Network servers  
were compromised last week and signed openssh packages were uploaded.  
MIT folk who complied with our
recommendations to update via RHN are not at risk. Although Red Hat  
claims subscribers are not at risk, they released a script to detect  
if the compromised packages were installed. It is a good idea to run  
it on all RHEL5/RHEL5 and Fedora systems ASAP.

Details are here:

<http://rhn.redhat.com/errata/RHSA-2008-0855.html>

The script to detect the compromised packages can be found here:

<http://www.redhat.com/security/data/openssh-blacklist.html>

This intrusion also affected Fedora, and information on the Fedora  
Project's response
is here:

<https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html 
 >

-----------------------------------------------
2. Microsoft Updates for August 2008
-----------------------------------------------

This month, Microsoft released updates that address 6 critical and 5  
important vulnerabilities for the Windows operating system and Office  
products. Systems affected:

     * Microsoft Windows
     * Microsoft Internet Explorer
     * Microsoft Office including Access, Excel, and Word

These patches are now approved for deployment via MIT WAUS. Also  
included in this month's release is Service Pack 3 for Windows XP 32- 
bit versions and Service Pack 1 for Windows Vista.

Details are here: <http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx 
 >



=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IT staff at MIT will  
*NEVER* ask you for your password.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20080822/48876e43/attachment.htm

More information about the ist-security-fyi mailing list