[auton-users] New Windows security vulnerabilities
Dan Pelleg
dpelleg+ at cs.cmu.edu
Wed Sep 10 16:20:32 EDT 2003
This is from SCS facilities. Based on previous experience I expect them to
give you a little bit of time to do the update yourself, and if you don't,
try to do it remotely. Here "remotely" means your desktop will suddenly
reboot at an inconvenient time.
------------------------------------------------------------
Hello,
There are two recent sets of Microsoft security vulnerabilities that
administrators of Windows hosts should be aware of. The first one is
especially critical:
1) There is a new set of critical RPC/DCOM vulnerabilities that weren't
addressed by the latest RPC/DCOM patch. See:
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
for details. Additional information is available from:
http://support.microsoft.com/?kbid=824146
In theory, these vulnerabilities are as serious as the one that gave
us the Blaster and Welchia worms. You should patch any Windows hosts
that you have responsibility for (Windows Update has the patch).
2) A set of vulnerabilities in MS Office and related products was recently
announced. These vulnerabilities would allow someone to create a
specially-crafted Word (or WordPerfect), PowerPoint, or Excel document
that would run arbitrary code on your PC if opened. People using MS Office
(along with various other products, see:
http://www.microsoft.com/security/security_bulletins/ms03-037.asp
for details) should upgrade to a patched version.
If you installed Office from your own CD, visit the Office Update site
(accessible via a link on the Windows Update page) to get the patches.
If you installed Office from Monolith (or have a PC that Facilities installed
and that came with Office), the installation files on Monolith have been
updated with the latest patches. To update/patch the version of Office on
your PC, go to the Microsoft Office distribution area on Monolith
(pc_dist\Microsoft\Office) and run Setup.exe for the version of Office
(2000 or XP) that you have. You will be prompted to upgrade.