[IS&T Security-FYI] Newsletter, June 13, 2008
Monique Yeaton
myeaton at MIT.EDU
Fri Jun 13 13:45:49 EDT 2008
In this issue:
1. June 2008 Security Updates
2. Dangerous Surfing
---------------------------------------
1. June 2008 Security Updates
---------------------------------------
Microsoft and Apple have both released updates this month. Below is a
list of items affected:
----Microsoft-----
* Microsoft Windows
* Microsoft Windows Server
* Microsoft Internet Explorer
Microsoft has released 3 important and 3 critical updates on June 10
that address various vulnerabilities a remote, unauthenticated
attacker could use to execute arbitrary code or cause a vulnerable
system to crash. Apply the updates from Microsoft via MIT WAUS or
Microsoft software update.
For more information about these updates see:
<http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx>
----Apple----
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Apple QuickTime versions prior to 7.5 have vulnerabilities in the way
different types of image and media files are handled. An attacker
could exploit these vulnerabilities by convincing a user to access a
specially crafted image or media file that could be hosted on a web
page. Note that Apple iTunes installs QuickTime, so any system with
iTunes may be vulnerable.
The suggested solution is to upgrade to QuickTime 7.5. This and other
updates for Mac OS X are available via Apple Update. You can also
obtain the update from Apple here:
<http://www.apple.com/quicktime/download/>
---------------------------
2. Dangerous Surfing
---------------------------
According to a report recently released by McAfee, the likelihood of
downloading something malicious from the Internet has increased 41%
over the last year. Sites hosted in Hong Kong, China, the Philipines
and Romania are some of the worst offenders listed in this report,
however it also points out that not all sites with those country codes
appearing in the url (.cn, or .hk) are hosted in those countries.
Website operators can register sites from anywhere to target different
geographies. Many of the infected sites offer Prozac; ironic,
considering that people visiting these sites are likely already in
dire straits.
Read the full story here:
<http://www.msnbc.msn.com/id/24966835/>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
More information about the ist-security-fyi
mailing list