[IS&T Security-FYI] Newsletter, June 13, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Jun 13 13:45:49 EDT 2008


In this issue:

1. June 2008 Security Updates
2. Dangerous Surfing

---------------------------------------
1. June 2008 Security Updates
---------------------------------------

Microsoft and Apple have both released updates this month. Below is a  
list of items affected:

----Microsoft-----

  * Microsoft Windows
  * Microsoft Windows Server
  * Microsoft Internet Explorer

Microsoft released 3 important and 3 critical updates on June 10  
that address various vulnerabilities a remote, unauthenticated  
attacker could use to execute arbitrary code or cause a vulnerable  
system to crash. Apply the updates from Microsoft via MIT WAUS or  
Microsoft software update.

For more information about these updates see:
<http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx>

----Apple----

  * Apple Mac OS X running versions of QuickTime prior to 7.5
  * Microsoft Windows running versions of QuickTime prior to 7.5

Apple QuickTime versions prior to 7.5 have vulnerabilities in the way  
different types of image and media files are handled. An attacker  
could exploit these vulnerabilities by convincing a user to access a  
specially crafted image or media file that could be hosted on a web  
page. Note that Apple iTunes installs QuickTime, so any system with  
iTunes may be vulnerable.

The suggested solution is to upgrade to QuickTime 7.5. This and other  
updates for Mac OS X are available via Apple Update. You can also  
obtain the update from Apple here:
<http://www.apple.com/quicktime/download/>


---------------------------
2. Dangerous Surfing
---------------------------

According to a report recently released by McAfee, the likelihood of  
downloading something malicious from the Internet has increased 41%  
over the last year. Sites hosted in Hong Kong, China, the Philippines  
and Romania are some of the worst offenders listed in this report;  
however, it also points out that not all sites with those country codes  
appearing in the URL (.cn or .hk) are hosted in those countries.  
Website operators can register sites from anywhere to target different  
geographies. Many of the infected sites offer Prozac; ironic,  
considering that people visiting these sites are likely already in  
dire straits.

Read the full story here:
<http://www.msnbc.msn.com/id/24966835/>


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security





