|
||||||||||||||||||
IT Security: Advisories
Windows
December 1, 2004: Microsoft Bulletin MS04-040
On December 1, 2004, Microsoft announced a fix for a major problem in one or more Windows
operating systems supported by MIT. The specific vulnerability is contained within the Internet Explorer portion of the
Windows operating system. This problem is identified as Microsoft
Bulletin MS04-040.
This problem gives someone the ability to break into, and use, your computer for their own purposes. If that happens your
personal, sensitive or other data may be revealed or destroyed. It may also result in your computer being used to break
into other computers here at MIT or elsewhere.
We suggest that the fix be applied to all of your affected Microsoft Windows systems immediately unless your local system administrator -- the person who maintains your computer's software -- has instructed you to do otherwise. Please take the steps recommended below according to the version of Windows you are running.
- Microsoft Windows XP Service Pack 2 Take no action --- vulnerability does not exist
- Microsoft Windows XP Service Pack 1 Either upgrade to Windows XP Service Pack 2
Or apply update provided by Microsoft - Microsoft Windows 2000 (all levels) Either upgrade to Windows XP Service Pack 2
Or apply update provided by Microsoft - Other unsupported versions of Refer to the Microsoft Bulletin referenced above.
Microsoft Windows
The very best first line of defense against vulnerabilities is to take Microsoft patches automatically whenever feasible. We want to thank everyone who already uses Microsoft's Automatic Update Service or MIT's local Windows Automatic Update Service, and if you already use one of these services, the patch has likely already been installed on your machine.
November 23, 2004: NTBugtraq Advisory
Affected: SecureCRT V4.1, V4.0 (and probably lower)
Impact: All Windows platforms using SecureCRT -- Critical
Action to Take: Update to Secure CRT V4.1.9
You can download Secure CRT V4.1.9 from the MIT IS&T Windows Software Site. Please note that you need a current personal certificate to download this software.
Notable Features of SecureCRT V4.1.9:
- Includes 4.1.9 binaries
- Adds path to VSH and VCP to PATH variable (for users who would like to use the command line)
- First-time users (i.e. anyone but the account that installed SecureCRT) will only see a quick, one-time repair that doesn't require the installer to be on the user's system
- New "Create Athena Shortcut" item in the SecureCRT Program Files folder will create (and ask to overwrite if it exists) a shortcut to Athena. This is instead of creating a shortcut via repair. Only the installing account will have this shortcut automatically.
- Running the "Create Athena Shortcut" item will allow the user to create a GSSAPI (Kerberos Tickets) shortcut to Athena if they prefer (click Options... button)
Known Issues:
There are no known issues for this version of SecureCRT 4.1.9.
Apple/Macintosh
December 2, 2004: Security Update 2004-12-02
Apple has announced a new security update concerning all systems running Mac OS
X v10.3.6 and 10.2.8 and Mac OS X Server v10.3.6 and 10.2.8. The details of the vulnerabilities are documented on the
Apple Support Site. All Mac OS X users are strongly
encouraged to install the latest security patches by running Software Update (located under the Apple menu).
The very best first line of defense against vulnerabilities is to set the Mac OS X Software Update to automatically check for updates frequently.
Linux
There are no Linux security advisories at this time.
