[IS&T Security-FYI] SFYI Newsletter, November 14, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Nov 14 16:43:16 EST 2008 

In this issue:

1. November 2008 Security Updates
2. MIT Security Awareness Day Presentations Online


----------------------------------------------
1. November 2008 Security Updates
----------------------------------------------

----Microsoft----

  * Microsoft Windows
  * Microsoft Office XP, 2003, and 2007
  * Microsoft XML Core Services

As part of the Microsoft Security Bulletin Summary for November 2008,  
Microsoft released one critical and one important level patch for the  
Windows operating system and Office products. The most severe  
vulnerabilities could allow a remote, unauthenticated attacker to  
execute arbitrary code. These patches are now approved for deployment  
via MIT WAUS.

According to Network & Infrastructure Services Team at MIT, "The  
critical patch from this month's release addresses a user based  
exploit in Microsoft's XML client services. The important level patch  
addresses a security vulnerability in the SMB protocol. MIT's  
assessment of this latter patch is to treat it as a critical patch,  
therefore we have accelerated it's deployment approximately a day  
ahead of the regular deployment schedule."

For more information on this update:
<http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx>


----Adobe Reader and Acrobat Vulnerabilities----

  * Adobe Reader version 8.1.2 and earlier
  * Adobe Acrobat (Professional, 3D, and Standard) version 8.1.2 and  
earlier

Adobe has released Security Bulletin APSB08-19 to address multiple  
vulnerabilities affecting Adobe Reader and Acrobat. The most severe of  
these vulnerabilities could allow a remote attacker to execute  
arbitrary code. An attacker could exploit these vulnerabilities by  
convincing a user to load a specially crafted Adobe Portable Document  
Format (PDF) file. Acrobat integrates with popular web browsers, and  
visiting a website is usually sufficient to cause Acrobat to load PDF  
content.

According to the information in Adobe Security bulletin, users with  
version 8 of Adobe Reader or Acrobat should upgrade to version 8.1.3.

For more information on this update:
<http://www.adobe.com/support/security/bulletins/apsb08-19.html>


----Apple----

  * Safari for Windows XP, Vista, Mac OS X 10.4.11, Mac OS X 10.5.5

Apple released a patch for Safari this week to address multiple  
vulnerabilities. Users of this browser are recommended to upgrade to  
Safari 3.2.

For more information on this update:
<http://support.apple.com/kb/HT3298>


-------------------------------------------------------------------
2. MIT Security Awareness Day Presentations Online
-------------------------------------------------------------------

The presentations that were given on November 5, MIT Security  
Awareness Day, are posted online for those who were unable to make it.  
Topics included Technology Security, Physical Security, and Social  
Engineering and Phishing.

<http://web.mit.edu/ist/topics/security/campaign2008/securityday.html>


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20081114/bad34879/attachment.htm

More information about the ist-security-fyi mailing list