[WinPartners] Recent Web Browser Vulnerabilities - preventative measures
Jonathan McIndoe Hunt
jmhunt at MIT.EDU
Mon Jul 12 12:55:47 EDT 2004
Date: Monday, 12 July 2004
To: itpartners at mit.edu, winpartners at mit.edu, browser-release at mit.edu,
is&t at mit.edu
From: IS&T Client Support Services - Software <jmhunt at mit.edu>
Subject: Recent Web Browser Vulnerabilities - preventative measures
Recently, you have likely heard from the news media and other sources about
a series of web browser vulnerabilities and exploits affecting Microsoft's
Internet Explorer and Mozilla.org's open source Mozilla and Firefox
browsers on Windows. Although MIT has not experienced any significant
number of compromises resulting from Web browser vulnerabilities and
exploits, Information Services and Technology, IS&T, would like to take
this opportunity to remind members of the IT Community of actions you can
take to decrease risk of compromise and assist in ensuring a stable
computing environment for you and your colleagues.
Please share this important preventative information with your Department,
Lab or Center. Should you have any pressing questions or concerns, please
contact the Software Release Team at swrt at mit.edu and we will ensure your
inquiry reaches the appropriate IS&T team.
Recommendations to Lessen One's Risk of Compromise
1. Keep your workstations and servers patched.
IS&T recommends configuring your machine to automatically apply critical
updates and offers the following services to help members of the MIT
community take advantage of automatic software updates.
- Windows: MIT's Windows Automatic Update Service
http://web.mit.edu/ist/topics/windows/updates/
- Mac OS X: Apple's Software Update
http://web.mit.edu/ist/topics/macos/updates/
- Linux: MIT's Red Hat Network Service
http://web.mit.edu/ist/topics/linux/rhn.html
2. Use caution when visiting "unknown/unfamiliar" websites.
Surf the web with care. Avoid clicking on URLs in unsolicited e-mails as
they may lead you to websites that can cause downloading of malicious
applications. Do NOT accept downloads unless you are sure of their origin
and purpose.
3. Use Anti-Virus Software
Anti-Virus Software, like VirusScan and Virex, available from IS&T, help
prevent many types of compromises, as well as detect and in some cases
clean up from infections and compromises. Like with all protection
software today, you must keep current with the vendor provided updates in
order to combat the ever changing list of vulnerabilities and exploits.
Many of these software packages, including IS&T's recommended anti-virus
products, automatically manage updates. More information on anti-virus
protection is available at:
http://web.mit.edu/ist/topics/virus/
4. Plan to upgrade to Windows XP Professional
IS&T continues to monitor the upcoming release of Microsoft's Windows XP
Service Pack 2 (SP2), expected later this summer. Its default settings for
Windows XP Professional will be significantly more secure and prevent many
types of attacks. Windows 2000 users should upgrade to Windows XP
Professional to take advantage of its current and upcoming features.
Further information about licensing options available to members of the MIT
community is available at:
http://web.mit.edu/ist/products/vsls/
MIT continues to benefit from everyone's assistance and efforts securing
their workstations and contributing to the security of our broader
computing environment. Our thanks to the members of the Community who have
already set their workstations to update automatically.
Thanks,
Jonathan
__________________________________________
Jonathan McIndoe Hunt 617.253.0172
Manager of Client Software Services
Information Services & Technology, MIT
http://web.mit.edu/ist/topics/software/
More information about the winpartners
mailing list