ACC Mail ACC ACC Homepage
About ACCACC NewsFaculty Services IndexStudent Services IndexACC User DocumentationACC Computing PoliciesRecommended Systems and Purchase informationComputer Support Services
 

Security Bulletin Summary January 6, 2006

Windows Security Bulletin

Overview
Who is Affected

Recommended Actions

Administrative Users
Academic PC Users
All Home PC Users
Academic Mac Users

Further Assistance

Other Bulletins

ADMINISTRATIVE Staff: You will be contacted directly by Administrative Computing to install this patch. You should not take any action regarding your OFFICE computer. If you use a computer at HOME, please read on.

STUDENTS, FACULTY, ACADEMIC STAFF AND ALL HOME USERS (including administrative home users) must all follow the procedures below.

I. OVERVIEW

On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform. This vulnerability allows execution of remote code when image files are viewed using multiple programs in Windows including but not limited to Internet Explorer, Outlook, Windows Explorer, or Firefox. It is also possible for the code to execute simply by having the image file residing on the machine when certain types of indexing software is used.

Microsoft released a critical update for Microsoft Windows on 01/05/2006. Some of the vulnerabilites patched by this update may allow somebody to remotely control a computer or remotely execute files on a computer if this update is not applied to that computer.

This update does not apply to every version of Windows, so you may not need to install the updates. For example, if you have Windows XP SP2 you will install the update, but if you have Windows 98, you will not install it. If you use automatic updates or windowsupdate.microsoft.com this will be determined for you.

MS06-001 is a critical update and applies to Windows XP, Windows XP SP1, Windows XP SP2, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, and Windows Server 2003 64-Bit Edition.

Be sure your VirusScan software is up to date by following these instructions http://www.haverford.edu/acc/virus/xpantivirus.html#defupdate.

Always follow good practices and be wary of what you click on. See http://www.haverford.edu/acc/protect/ for more information.

Note that Microsoft releases updates on the second Tuesday of every month.

II. WHO IS AFFECTED?

All Windows XP and Windows Server 2003 computers may be affected by this vulnerability. Machines running Windows 98 or Windows ME are believed to be vulnerable and Microsoft will not be releasing a patch so these machines should be upgraded or removed from an internet accessable network.

III. RECOMMENDED ACTION - ADMINISTRATIVE USERS ON CAMPUS

The Administrative Computing Center will be contacting those in Administrative offices. Do not attempt to follow the directions below on your office system, but please do so for your home computer(s).

IV. RECOMMENDED ACTION - ACADEMIC WINDOWS USERS and ALL HOME USERS

 

Everyone must install all necessary Windows critical updates.. The best way to apply these updates is to open INTERNET EXPLORER and go to http://windowsupdate.microsoft.com/
(Note: You must use Internet Explorer; Netscape will not work.) Follow the instructions to scan for updates and install all **critical** updates identified (recommended updates and driver updates are not necessary).

Your Windows computer may already be configured to automatically download software updates. If you received notification on your computer to install this critical update or restart your computer (after July 13), your computer may already be patched for Windows updates. If you are not sure if the updates have been applied, go to http://windowsupdate.microsoft.com with Internet Explorer and scan for updates. Be sure to apply any critical updates that are available. If no critical updates are available, you have already applied the updates.

If you find by the above methods that your computer is not automatically updating, see http://www2.haverford.edu/acc/docs/general/osupdates.html for instructions on how to set up your computer to automatically notify you and install these updates as they are released.

All Windows users must also make sure that they have installed the latest anti-virus software configured by ACC (Virusscan 7 for XP), and that you have the latest definitions issued January 4 (dat version 4667) or later. For virus software information and downloads go to http://www2.haverford.edu/acc/virus/virus.html.

V. RECOMMENDED ACTION - ACADEMIC MAC USERS

Macintosh users are not affected by this vulnerability.

Macintosh users must also be sure to get all critical operating system updates and Office updates. Look for the Software Update tool in your Control Panel (OS 9) or in System Preferences (OS X) for operating system updates. For detailed instructions see http://www2.haverford.edu/acc/docs/general/osupdates.html.

For information and downloads of current anti-virus software, go to http://www2.haverford.edu/acc/virus/macantivirus.html

VI. FOR FURTHER ASSISTANCE

Students should contact compctr@haverford.edu or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Faculty members and academic staff should contact their liaison (see http://www2.haverford.edu/acc/about/liaisons.html ) or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Administrative users should contact Administrative Computing (610-896-1044).

For Questions and Comments, contact Haverford College's Academic Computing Center.
Last updated on January 6, 2006

HC HomeCampus DirectoryHaverford College Library ResourcesHaverford College Web Search EngineAcademic DepartmentsACC Home