[IS&T Security-FYI] Newsletter, June 15, 2007

Monique Yeaton myeaton at MIT.EDU
Fri Jun 15 16:08:36 EDT 2007


In this issue:

1. Microsoft Updates for June 2007
2. How Immune is a Mac to Vulnerabilities?


--------------------------------------------
1. Microsoft Updates for June 2007
--------------------------------------------

This past Tuesday, June 12, Microsoft released 6 patches, 4 of which  
are critical. The patches affect the following software or components:

- Microsoft Windows
- Internet Explorer
- Outlook Express
- Windows Mail
- Office
- Visio
- Secure Channel
- Win32 API

Microsoft will also release an updated version of the Microsoft  
Windows Malicious Software Removal Tool on Windows Update, Microsoft  
Update, Windows Server Update Services, and the Download Center.

Note that this tool will *not* be distributed using Software Update  
Services (SUS).

These patches are approved for deployment via MIT WAUS. If you have  
Automatic Updates enabled on your system, the updates are delivered  
to you when they are released, but you have to make sure you install  
them. We recommend that you take the updates unless you have specific
information indicating that one of them is incompatible with an application
you need to use. You may have to restart your computer after applying  
the patches.

Detailed descriptions of the 6 security updates are in Microsoft  
Security Bulletins MS07-030 through MS07-035, available here:

<http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx>

End users who wish to skip the details and go right to the downloads  
page can go here:

<http://www.microsoft.com/protect/computer/updates/bulletins/200706.mspx>

Thank you for using WAUS or the Microsoft Update services. The best  
line of defense against viruses and other malware is to keep your  
system and software up to date.


-------------------------------------------------------
2. How Immune is a Mac to Vulnerabilities?
-------------------------------------------------------

Some people are surprised to learn that the Mac they use is not
immune from attacks. Because Apple has always taken the security of its
operating system very seriously, and a Mac tends to be much safer than a
Windows computer straight out of the box, some Mac users may not take
the necessary measures for keeping their Mac safe down the road.

As the Apple site states: "No computer is completely immune from  
attack unless you never turn it on." Here are a few tips for keeping  
a Mac in good health:

-- Keep your Mac up to date by clicking "install" when you see new  
security updates in the Software Update system preference.

-- Pay attention to software warnings and be aware of high risk  
practices. For instance, install software from vendors and web sites  
that you know and trust; keep your console locked when not in use;  
don't run unnecessary services (e.g. personal file sharing); and  
don't use insecure protocols (e.g. authenticated FTP, or other
cleartext authentication).

-- Consider running antivirus software on your Mac to help protect  
the other computers on a shared network. Virus-infected files that
might not affect your Mac could still be passed on to friends running
Windows.

-- Use a strong and unique password. Password Assistant on Mac OS X  
can help you to choose a password that's both secure and easy to  
remember by clicking the key icon next to a password field.

Another way for a Mac (and a PC, for that matter) to get infected is
through targeted attacks or zero-day exploits. These attacks are launched
against systems or software with a vulnerability that is not yet publicly
known or for which no patch has been provided. Attackers take advantage of
the brief span of time during which the security hole remains open to carry
out their attack.

A computer can get infected when a user visits a "rogue" Web site  
which contains code that exploits a vulnerability in the Web browser.  
Web browsers are a particular target for criminals because of their  
widespread use. Criminals can also send malicious email attachments,  
which exploit vulnerabilities in the application opening the attachment.

Therefore, exercise caution when visiting a site through a link  
provided in an email and never open an email attachment from a  
questionable source. As added protection, turn on your MIT spam  
screen to prevent these emails from reaching your inbox.

For more information about Apple and Security, visit:
<http://www.apple.com/macosx/features/security/>

For spam screening at MIT visit:
<http://web.mit.edu/ist/services/email/nospam/index.html>

Princeton University has collected information for the average Mac
user as well as for advanced users and administrators at:
<http://www.princeton.edu/~psg/unix/osx/osxsecurity.html>

Thank you for taking responsibility for your computer's security.


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security





