MIT Network Security


Beware of Windows Vulnerabilities

Given the recent major vulnerabilities in the Windows operating system, it's critical that Windows users watch for announcements and install recommended patches immediately. Follow these guidelines:

* Sign up to receive alerts of major vulnerabilities that affect MIT by subscribing to the security-fyi@mit.edu mailing list. To subscribe, visit mailman.mit.edu/mailman/
listinfo/security-fyi.

* Get the latest information from IS about Windows at web.mit.edu/is/topics/windows/

* Update your Windows' system with critical patches through Windows Update at
windowsupdate.microsoft.com/

* If you receive e-mail from Network Security, be sure to follow the directions completely. For optimal service, please keep the subject line intact when replying to the initial e-mail.

PLEASE PATCH NOW:
Major Vulnerabilities in the Windows Operating System

Network Security strongly advises Windows users to immediately install patch MS04-007.

How to Patch Your Windows System:

  1. To prevent your machine from being compromised while you are applying the patch, Network Security encourages users to implement port filtering described at http://web.mit.edu/net-security/prevent-reinfection.html.

  2. In most cases, you will be able to use Microsoft's free Windows Update service to patch your computer. From your Windows computer, using Internet Explorer, go to http://windowsupdate.microsoft.com and follow the instructions for obtaining all Critical Updates. The easiest way to accomplish this is to continue running Windows Update until there are no more critical updates left to install. If there are several of them to install you will likely need to reboot more than once. Please note: Windows 2000 Service Pack 4 may break older versions of Kerberos. This can be fixed by installing the latest version of Kerberos.

    3.
If you would like assistance from Information Services and Technology, please contact the Help Desk at 3-1102 or computing-help@mit.edu

--MIT Network Security Home Page--

mit Last modified 11 February 2004
Copyright ©2004 Massachusetts Institute of Technology
Comments and questions to netsec-www@mit.edu