[IS&T Security-FYI] SFYI Newsletter, April 12, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Apr 12 11:32:46 EDT 2010 

In this issue:

1. Microsoft Security Updates
2. Unsupported Windows Platforms
3. Adobe Vulnerabilities


-------------------------------------
1. Microsoft Security Updates
-------------------------------------

On Tuesday, April 13, Microsoft intends to release 11 security  
bulletins, 5 of which are critical, to address 25 vulnerabilities.  
Systems affected:

Windows and Windows Server (all supported versions)
Office XP, 2003 and 2007
Microsoft Exchange (all supported versions)

Read the advance notification in full here:
<http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx>


--------------------------------------------
2. Unsupported Windows Platforms
--------------------------------------------

Microsoft will be phasing out security updates for three of its  
Windows platforms. It is therefore important that users add the newest  
Service Pack for those platforms or upgrade to Windows 7.

The following platforms will no longer be receiving security updates:

Windows XP Service Pack 2 - no longer supported after July 13, 2010.  
Recommended action: upgrade to Service Pack 3 or to Windows 7.
Windows 2000 - no longer supported after July 13, 2010. Recommended  
action: upgrade to Windows 7.
Windows Vista RTM (Released to Manufacturing) - no longer supported  
after April 13, 2010. Service Pack 1 will be supported until July 12,  
2011. Recommended action: update to Service Pack 2 or upgrade to  
Windows 7.

Microsoft Blog: <http://blogs.technet.com/msrc/archive/2010/04/08/april-2010-bulletin-release-advance-notification.aspx 
 >


------------------------------
3. Adobe Vulnerabilities
------------------------------

There have been several security threats targeting Adobe software  
lately. The most recent are:

Adobe Acrobat and Reader: When users open a PDF that contains a launch  
action, they may be convinced to open a separate file via the dialog  
warning box that appears. The warning box does include wording to only  
open and execute files from trusted sources. The default setting is to  
not open the file. However, users can by-pass this warning in  
Preferences by checking the box "Allow opening of non-PDF file  
attachments with external applications," which would make users  
vulnerable to dangerous files. An image of the default settings is  
available here: <http://blogs.adobe.com/adobereader/assets_c/2010/04/trust_mgr_pref-2598.html 
 >
Adobe Update: The update mechanism for Adobe has come under attack  
recently. Malware that bears identical icons and version details to an  
Adobe update can trick users into believing it is legitimate. The  
malware is a Trojan that can bypass antivirus software and systems. <http://blog.trendmicro.com/malware-spoof-an-adobe-update-and-vpskeys/ 
 >



= 
= 
= 
========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB 
 >


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100412/5b69941e/attachment.htm

More information about the ist-security-fyi mailing list