[IS&T Security-FYI] SFYI Newsletter, March 8, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Mar 8 13:17:37 EST 2010


In this issue:

1. Microsoft Security Updates
2. Microsoft Announces Vulnerability in VBScript
3. DHS Emphasizes Cybersecurity Awareness
4. Event: SANS in Boston for Security Training, May 25 - July 27


-------------------------------------
1. Microsoft Security Updates
-------------------------------------

On Tuesday, March 9, Microsoft intends to release 2 new security
bulletins for the month, neither of which is marked as critical.

Systems affected:

Windows XP, Vista and 7
Office 2004 and 2008 for Mac
Microsoft Excel (all versions)
Open XML File Format Converter for Mac
SharePoint Server 2007

Read the full bulletin:
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx


-------------------------------------------------------------
2. Microsoft Announces Vulnerability in VBScript
-------------------------------------------------------------

Microsoft is investigating new public reports of a vulnerability in  
VBScript that is exposed on supported versions of Microsoft Windows  
2000, Windows XP, and Windows Server 2003 through the use of Internet  
Explorer.

Investigation has shown that the vulnerability cannot be exploited on  
Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server  
2008.

The main impact of the vulnerability is remote code execution.  
Microsoft is not aware of attacks that try to use the reported  
vulnerabilities, or of customer impact at this time. A user is only  
vulnerable if convinced to visit a site which has the malicious code  
embedded in the script.

Read the full bulletin:
http://www.microsoft.com/technet/security/advisory/981169.mspx

Information about the issue can also be found here:
http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx


----------------------------------------------------------
3. DHS Emphasizes Cybersecurity Awareness
----------------------------------------------------------

Speaking at the RSA Conference in San Francisco last Wednesday,  
Secretary of the Department of Homeland Security (DHS) Janet  
Napolitano announced the National Cybersecurity Awareness Campaign  
Challenge Competition, a contest to solicit ideas from individuals and  
industry about how to best engage the American public in a discussion  
about cybersecurity.

"A secure cyber environment is as much about people and habits and  
culture as it is about machines," said Napolitano. "...We need to have  
an ongoing, two-way conversation between the public and private  
sectors [about how to improve cybersecurity]."

Proposals submitted to DHS before the April 30 deadline will be  
evaluated based on factors that include teamwork, effective metrics  
for distribution and engagement, use of Web 2.0 technology, compliance  
with spam laws, privacy, repeatability, feedback mechanism, list  
building, transparency, and message.

Read the full article:
http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=223101441

[Source: informationweek.com]


---------------------------------------------------------------------------------
4. Event: SANS in Boston for Security Training, May 25 - July 27
---------------------------------------------------------------------------------

Mentor Bill Terwilliger is teaching Security 560: Network Penetration  
Testing and Ethical Hacking in Somerville, MA. This class includes:

Setting up an effective penetration testing infrastructure
Establishing ground rules with the target organization
Discussing methods of penetration and ethical hacking
Evaluating the security of network services and operating systems

You can save 25% off the regular SANS tuition fee with a group  
discount. Register by April 27 and get a discount up to $350. The full  
tuition cost is $3,095.

Learn more about the Mentor SANS program or register online here:
https://www.sans.org/mentor/

[Source: sans.org]

========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





