[IS&T Security-FYI] SFYI Newsletter, February 8, 2010

Mon Feb 8 10:23:15 EST 2010

In this issue:

1. Microsoft Security Updates
2. Microsoft Warns of IE Flaw
3. Laptop Loss & Theft at MIT

---------------------------------------
1. Microsoft Security Updates
---------------------------------------

On Tuesday, February 9, Microsoft intends to release 13 security bulletins, 5 of which are critical, to address 26 vulnerabilities. Systems affected:

	•	Windows (all supported versions)
	•	Office XP, 2003, and 2004 for Mac

In addition to the patches, Microsoft is also planning to release an updated version of the Microsoft Malicious Software Removal Tool.

Read the advance notification in full here:
<http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx>

---------------------------------------
2. Microsoft Warns of IE Flaw
---------------------------------------

Last week Microsoft issued Security Advisory 980088 to address a vulnerability in Internet Explorer that may allow information disclosure for Windows XP users who have disabled Internet Explorer Protected Mode. The advisory explains that content can be found to render incorrectly from local files in such a way that information can be exposed to malicious websites. A demo provided by Core Security Technologies at the Black Hat DC conference last week showed how an attacker could read every file on a filesystem when a user was running Internet Explorer. 

Versions affected:

	•	IE 6, 7, and 8 on supported editions of Windows XP and Windows Server 2003

Microsoft noted that Protected Mode prevents exploitation of this vulnerability and is running by default in IE 7 and IE 8 on Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

No patch has been released yet for this vulnerability.

Read the full bulletin here:
<http://www.microsoft.com/technet/security/advisory/980088.mspx>

---------------------------------------
3. Laptop Loss & Theft at MIT
---------------------------------------

According to a report by Dell Inc, a laptop is lost or stolen every 53 seconds in the U.S. At MIT the number of reported lost or stolen computers averages at around 100 per year. While those numbers are certainly not as impressive, think about how it would affect you, should your laptop go missing.

There are various steps you can take to protect the information on your laptop in the event it falls into the wrong hands. Tips for laptop protection can be found here: <http://ist.mit.edu/security/support/traveling>

In addition, there are steps you can take to deter a thief from taking you laptop. The MIT police offer STOP tags to anyone who registers their laptop on campus. STOP tags are a loss prevention measure and are a visible deterrent against theft of small electronic devices. Once applied it takes 24 hours for the glue to cure. Then it takes up to 800 pounds of pressure to remove the tag. If removed, it leaves a tattoo stating stolen property. 

You can have your laptop tagged and registered for only $10 cash on the following dates. (Techcash is not accepted. If a departmental payment, be sure you have the cost object code so the fee can be charged back to your department.)

February 10, 11:30 - 1:30
Student Street in Stata

February 17, 11:30 - 1:30
Student Street in Stata

February 18, 11:30 - 1:30
Lobby 10

For more information on computer loss, theft and theft deterrents see:
<http://ist.mit.edu/security/support/loss>

Monique Yeaton
IT Security Awareness Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security