[Research] IMPORTANT: Run Windows Update Right Away

Michael J. Baysek mjbaysek at cs.cmu.edu
Thu Apr 5 11:40:25 EDT 2007 

Hi Lab & friends,

You may have received notice from facilities (or friend) to run Windows 
Update in response to MS07-017.

This vulnerability is particularly bad.  There are already a number of 
exploits in use by spammers and malware for this problem.  I need to 
stress to you, Run Windows Update Right Away. 

[insert typical anti-MS rant here]

Keeping in line with their historical promptness for fixing root 
exploits, Microsoft knew about the problem since December.  It seems it 
takes four months and billions of dollars to patch a vulnerability in 
code that processes an animated mouse cursor.


Michael J. Baysek, Systems Analyst
Carnegie Mellon University - Auton Lab
www.cmu.edu - www.autonlab.org
412-268-8939



Help Desk wrote, On 04/05/07 10:05:
> April 5, 2007
>
> Microsoft released a critical Windows security update on April 3, 2007.
> The security update addresses a vulnerability with animated cursor files,
> which is being actively exploited and is considered by Microsoft and the
> security community to be critical enough to warrant this out of cycle patch.
>
> * All Windows PCs must be patched. *
>
> To patch your PC:
>
> Click on the update icon on the taskbar (it is a globe or yellow shield with
> an exclamation point, depending on which version of Windows you're running).
>
> If you do not have such an icon, run Windows Update by going to the site:
>     
>    http://windowsupdate.microsoft.com
>
> After patching, you must reboot your PC in order for the patch to take
> effect.
>
> Additional information about the vulnerabilities addressed in this patch can
> be found at:
>     
>    http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
>
> Microsoft and others are reporting some problems caused by the patch, though
> Facilities has seen no problems with supported applications.
> More information on known problems with this patch can be found at:
>     
>    http://support.microsoft.com/kb/935448
>
> If you have any questions or problems applying these patches, please contact
> the SCS Help Desk at x8-4231 or send mail to help at cs.cmu.edu.
>
> Thank you for your attention, 
>
> SCS Help Desk 
>
>
>
>
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mailman.srv.cs.cmu.edu/mailman/private/autonlab-research/attachments/20070405/72422c8f/attachment.bin>

More information about the Autonlab-research mailing list