[IS&T Security-FYI] SFYI Newsletter, April 12, 2010
Monique Yeaton
myeaton at MIT.EDU
Mon Apr 12 11:32:46 EDT 2010
In this issue:
1. Microsoft Security Updates
2. Unsupported Windows Platforms
3. Adobe Vulnerabilities
-------------------------------------
1. Microsoft Security Updates
-------------------------------------
On Tuesday, April 13, Microsoft intends to release 11 security
bulletins, 5 of which are critical, to address 25 vulnerabilities.
Systems affected:
Windows and Windows Server (all supported versions)
Office XP, 2003 and 2007
Microsoft Exchange (all supported versions)
Read the advance notification in full here:
<http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx>
--------------------------------------------
2. Unsupported Windows Platforms
--------------------------------------------
Microsoft will be phasing out security updates for three of its
Windows platforms. It is therefore important that users add the newest
Service Pack for those platforms or upgrade to Windows 7.
The following platforms will no longer be receiving security updates:
Windows XP Service Pack 2 - no longer supported after July 13, 2010.
Recommended action: upgrade to Service Pack 3 or to Windows 7.
Windows 2000 - no longer supported after July 13, 2010. Recommended
action: upgrade to Windows 7.
Windows Vista RTM (Released to Manufacturing) - no longer supported
after April 13, 2010. Service Pack 1 will be supported until July 12,
2011. Recommended action: update to Service Pack 2 or upgrade to
Windows 7.
Microsoft Blog: <http://blogs.technet.com/msrc/archive/2010/04/08/april-2010-bulletin-release-advance-notification.aspx
>
------------------------------
3. Adobe Vulnerabilities
------------------------------
There have been several security threats targeting Adobe software
lately. The most recent are:
Adobe Acrobat and Reader: When users open a PDF that contains a launch
action, they may be convinced to open a separate file via the dialog
warning box that appears. The warning box does include wording to only
open and execute files from trusted sources. The default setting is to
not open the file. However, users can by-pass this warning in
Preferences by checking the box "Allow opening of non-PDF file
attachments with external applications," which would make users
vulnerable to dangerous files. An image of the default settings is
available here: <http://blogs.adobe.com/adobereader/assets_c/2010/04/trust_mgr_pref-2598.html
>
Adobe Update: The update mechanism for Adobe has come under attack
recently. Malware that bears identical icons and version details to an
Adobe update can trick users into believing it is legitimate. The
malware is a Trojan that can bypass antivirus software and systems. <http://blog.trendmicro.com/malware-spoof-an-adobe-update-and-vpskeys/
>
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100412/5b69941e/attachment.htm
More information about the ist-security-fyi
mailing list