[IS&T Security-FYI] SFYI Newsletter, January 21, 2010
Monique Yeaton
myeaton at mit.edu
Thu Jan 21 12:59:52 EST 2010
This newsletter has announcements regarding additional security
updates and advisories, released on the heels of my last newsletter.
Hence the need for an extra issue.
In this issue:
1. Microsoft Releasing an Out-of-Cycle Bulletin
2. "Windows Kernel" Security Advisory from Microsoft
3. Apple Released Security Update 2010-001
-----------------------------------------------------------
1. Microsoft Releasing an Out-of-Cycle Bulletin
-----------------------------------------------------------
Microsoft intends to release one out-of-cycle security bulletin on
January 21, 2010.
Systems affected:
Internet Explorer (versions 6 through 8)
All Windows systems (2000, XP, Vista and 7)
All Windows Server systems (2003, 2008, 2008 R2)
The bulletin will address limited, targeted attacks against customers
using Internet Explorer 6, as well as fixes for vulnerabilities rated
Critical that are not currently under active attack.
See the full bulletin: <http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx
>
------------------------------------------------
2. "Windows Kernel" Security Advisory
------------------------------------------------
Microsoft is investigating a new report of a vulnerability in the
Windows kernel. They are not aware of attacks that try to use the
reported vulnerability or of customer impact at this time. They are
still working on an investigation. Upon completion, Microsoft says it
will take appropriate action, which may include providing a security
update through their monthly release process or an out-of-band
security update, depending on customer needs. This issue is NOT being
addressed by the out-of-cycle bulletin mentioned above.
See the Security Advisory (979682): <http://www.microsoft.com/technet/security/advisory/979682.mspx
>
---------------------------------------------------------
3. Apple Released Security Update 2010-001
---------------------------------------------------------
Apple has released the first security update of 2010 this week.
Systems affected:
Mac OS X v10.5.8
Mac OS X v10.6.2
This security update addresses vulnerabilities in various components
of the operating system, including among others the Flash Player plug-
in, CoreAudio, and OpenSSL. The update can be downloaded and installed
via Software Update or from Apple Downloads <http://support.apple.com/downloads/
>.
Details of Security Update 2010-001:
<http://support.apple.com/kb/HT4004>
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100121/4de4175f/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100121/4de4175f/attachment.bin
More information about the ist-security-fyi
mailing list