[IS&T Security-FYI] SFYI Newsletter, January 21, 2010

Thu Jan 21 12:59:52 EST 2010

This newsletter has announcements regarding additional security  
updates and advisories, released on the heels of my last newsletter.  
Hence the need for an extra issue.

In this issue:

1. Microsoft Releasing an Out-of-Cycle Bulletin
2. "Windows Kernel" Security Advisory from Microsoft
3. Apple Released Security Update 2010-001

-----------------------------------------------------------
1. Microsoft Releasing an Out-of-Cycle Bulletin
-----------------------------------------------------------

Microsoft intends to release one out-of-cycle security bulletin on  
January 21, 2010.

Systems affected:

Internet Explorer (versions 6 through 8)
All Windows systems (2000, XP, Vista and 7)
All Windows Server systems (2003, 2008, 2008 R2)

The bulletin will address limited, targeted attacks against customers  
using Internet Explorer 6, as well as fixes for vulnerabilities rated  
Critical that are not currently under active attack.

See the full bulletin: <http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx 
 >

------------------------------------------------
2. "Windows Kernel" Security Advisory
------------------------------------------------

Microsoft is investigating a new report of a vulnerability in the  
Windows kernel. They are not aware of attacks that try to use the  
reported vulnerability or of customer impact at this time. They are  
still working on an investigation. Upon completion, Microsoft says it  
will take appropriate action, which may include providing a security  
update through their monthly release process or an out-of-band  
security update, depending on customer needs. This issue is NOT being  
addressed by the out-of-cycle bulletin mentioned above.

See the Security Advisory (979682): <http://www.microsoft.com/technet/security/advisory/979682.mspx 
 >

---------------------------------------------------------
3. Apple Released Security Update 2010-001
---------------------------------------------------------

Apple has released the first security update of 2010 this week.

Systems affected:

Mac OS X v10.5.8
Mac OS X v10.6.2

This security update addresses vulnerabilities in various components  
of the operating system, including among others the Flash Player plug- 
in, CoreAudio, and OpenSSL. The update can be downloaded and installed  
via Software Update or from Apple Downloads <http://support.apple.com/downloads/ 
 >.

Details of Security Update 2010-001:
<http://support.apple.com/kb/HT4004>

= 
= 
= 
========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB 
 >

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100121/4de4175f/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100121/4de4175f/attachment.bin