[IS&T Security-FYI] SFYI Newsletter, January 19, 2010

Monique Yeaton myeaton at mit.edu
Tue Jan 19 11:08:14 EST 2010 

In this issue:

1. January 2010 Security Patches
2. One More Offering: Sensitive Data IAP Seminar


-------------------------------------------
1. January 2010 Security Patches
-------------------------------------------

Last week Tuesday (Patch Tuesday) Microsoft released its security  
bulletins for the month. This month there was only a single bulletin  
from Microsoft, but on the same day there were also security patches  
released from Adobe and Oracle.

  ---- Microsoft ----

Systems affected:

Microsoft Windows
Internet Explorer

The one patch released this month addresses a vulnerability in the  
Embedded Open Type (EOT) font engine in Windows. The EOT vulnerability  
is assigned a "low" severity rating by Microsoft in most current  
versions of Windows, but for Windows 2000 the severity is "critical."  
The patch has been approved for deployment via MIT WAUS (Windows  
Automatic Update Services).

The full Microsoft security bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx>


  ---- Adobe ----

Microsoft put a security advisory out to its Windows users that a  
vulnerability in Adobe Flash Flayer 6 can cause problems on its  
system. Mac users should also be aware. In addition, Adobe has  
released an update to address a vulnerability in Reader and Acrobat.

Systems affected:

Adobe (Macromedia) Flash Player 6
Adobe Reader and Acrobat 9 and earlier

The advisory from Microsoft recommends that Windows XP users remove,  
disable or upgrade from Adobe Flash Player 6, which came bundled with  
Windows XP. As a best security practice, it is important to keep all  
software on your computer up to date with the newest release or  
upgrade. If you're using a Macintosh computer, it is recommended to  
upgrade to the latest version of Flash Player as well.

Flash Player 10 is the most recent version and can be downloaded here:
<http://get.adobe.com/flashplayer/>

The Microsoft Security Advisory regarding Adobe Flash Player 6:
<http://www.microsoft.com/technet/security/advisory/979267.mspx>

How to uninstall the Adobe Flash Player plug in:
<http://kb2.adobe.com/cps/141/tn_14157.html>

The security bulletin for Reader and Acrobat:
<http://www.adobe.com/support/security/bulletins/apsb10-02.html>


  ---- Oracle ----

The Oracle Critical Patch Update Advisory of January 2010 addresses 24  
vulnerabilities in various products and components.

It is recommended to apply the appropriate patches or upgrades as  
specified in the Update Advisory. The next Critical Patch Update is  
due to be released in April 2010.

January 2010 Critical Patch Update Advisory:
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html 
 >


---------------------------------------------------------------
2. One More Offering: Sensitive Data IAP Seminar
---------------------------------------------------------------

There is one more opportunity to attend the IAP Seminar on Handling  
Sensitive Data. The last session will be held on:

Thursday, Jan 21, 3-4:00 pm, 56-114

I'm happy to report that we had a great turnout at the first two  
sessions held last week.

If you are an administrative staff member, this seminar will be of  
benefit to you. Learn which data protection regulations will apply to  
the work you do, how to mitigate the risk of a data breach at MIT, and  
what and how data is at risk.

If you are an IT administrator, learn which challenges MIT is facing  
in regards to protecting data and what can be done.

For those who are or were unable to attend, information on the  
presentation and other related resources have been posted online at:

<http://web.mit.edu/infoprotect/resources_inside.html>

Please contact Allison Dolan (adolan at mit.edu) or Monique Yeaton (myeaton at mit.edu 
) if you would like to have a private seminar on this topic presented  
to a group of people within your area.

= 
= 
= 
========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB 
 >



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100119/186c115b/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100119/186c115b/attachment.bin

More information about the ist-security-fyi mailing list