ACC Mail ACC ACC Homepage
About ACCACC NewsFaculty Services IndexStudent Services IndexACC User DocumentationACC Computing PoliciesRecommended Systems and Purchase informationComputer Support Services
 

Security Bulletin Summary February 10, 2005

Windows Security Bulletin

Overview
Who is Affected

Recommended Actions

Administrative Users
Academic PC Users
All Home PC Users
Academic Mac Users

Further Assistance

Other Bulletins

ADMINISTRATIVE Staff: You will be contacted directly by Administrative Computing to install this update. You should not take any action regarding your OFFICE computer. If you use a computer at HOME, please read on.

STUDENTS, FACULTY, ACADEMIC STAFF AND ALL HOME USERS (including administrative home users) must all follow the procedures below.

I. OVERVIEW

Microsoft released 7 critical updates and 2 important updates for Microsoft Windows and Internet Explorer on 02/08/2005. Some of the vulnerabilites patched by these updates may allow somebody to remotely control a computer or remotely execute files on a computer if these updates are not applied to that computer.

Not all of these updates apply to every version of Windows or Internet Explorer, so you may only need to install some of the updates. For example, if you have Windows XP SP2 you will install six updates, but if you have Windows 98, you may install two or three depending on your version of Internet Explorer. If you use automatic updates or windowsupdate.microsoft.com this will be determined for you.

MS05-015 is a critical update and applies to Windows XP, Windows XP SP1, Windows XP SP2, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 2000 SP3, Windows 2000 SP4. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS05-014 is a critical update and applies to Windows XP, Windows XP SP1, Windows 2000 SP4 or SP3, Windows ME, Windows 98, or Windows 98 SE running Internet Explorer 6 SP1 and Windows XP SP1 (64-bit edition), Windows Server 2003, Windows XP SP2 running Internet Explorer 6. This is a cumulative security update for Internet Explorer.

MS05-013 is a critical update and applies to Windows XP SP1 and SP2, Windows XP 64-bit SP1, Windows 2000 SP3 and SP4, Windows Server 2003, and Windows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS05-012 is a critical update and applies to Windows XP SP1 and SP2, Windows XP 64-bit edition SP1, Windows XP 64-Bit Edition Version 2003, Windows 2000 SP3 and SP4, Windows Server 2003, Windows Server 2003 64-Bit Edition, Office XP, Office 2003, and Office 2003 SP1. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS05-011 is a critical update and applies to Windows XP SP1 and SP2, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows 2000 SP1 and SP2, Windows Server 2003, and Windows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS05-010 is a critical update and applies to Windows NT Server 4.0 SP6a, Windows NT Server 4.0, Terminal Server Edition SP6, Windows 2000 Server SP3 and SP4, Windows Server 2003, and Windows Server 2003 64-Bit Edition If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS05-009 is a critical update and apples to Windows Media Player 9 on Windows XP, Windows 2000, or Windows Server 2003, Windows XP 64-Bit Edition running Windows MessengerNT Server 4.0 SP6a, Windows NT Server 4.0, Terminal Server Edition SP6, Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, andWindows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for buffer overrun exploits.

MS05-008 is an important update and apples to Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, and Windows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS05-007 is an important update and apples to Windows XP SP1 and SP2, and Windows XP 64-Bit Edition SP1. If this patch is not applied Windows could allow information disclosure.

Note that Microsoft releases updates on the second Tuesday of every month.

II. WHO IS AFFECTED?

All Windows 98, Windows 98 SE, Windows ME, Windows NT 4.0, Windows 2000, and Windows XP users are affected by at least one of these updates.

III. RECOMMENDED ACTION - ADMINISTRATIVE USERS ON CAMPUS

The Administrative Computing Center will be contacting those in Administrative offices. Do not attempt to follow the directions below on your office system, but please do so for your home computer(s).

IV. RECOMMENDED ACTION - ACADEMIC WINDOWS USERS and ALL HOME USERS

Everyone must install all necessary Windows critical updates.. The best way to apply these updates is to open INTERNET EXPLORER and go to http://windowsupdate.microsoft.com/
(Note: You must use Internet Explorer; Netscape will not work.) Follow the instructions to scan for updates and install all **critical** updates identified (recommended updates and driver updates are not necessary).

Your Windows computer may already be configured to automatically download software updates. If you received notification on your computer to install this critical update or restart your computer (after July 13), your computer may already be patched for Windows updates. If you are not sure if the updates have been applied, go to http://windowsupdate.microsoft.com with Internet Explorer and scan for updates. Be sure to apply any critical updates that are available. If no critical updates are available, you have already applied the updates.

If you find by the above methods that your computer is not automatically updating, see http://www2.haverford.edu/acc/docs/general/osupdates.html for instructions on how to set up your computer to automatically notify you and install these updates as they are released.

All Windows users must also make sure that they have installed the latest anti-virus software configured by ACC (Virusscan 7 for XP), and that you have the latest definitions issued February 9 (dat version 4427) or later. For virus software information and downloads go to http://www2.haverford.edu/acc/virus/virus.html.

V. RECOMMENDED ACTION - ACADEMIC MAC USERS

Macintosh users must also be sure to get all critical operating system updates and Office updates. Look for the Software Update tool in your Control Panel (OS 9) or in System Preferences (OS X) for operating system updates. For detailed instructions see http://www2.haverford.edu/acc/docs/general/osupdates.html.

For information and downloads of current anti-virus software, go to http://www2.haverford.edu/acc/virus/macantivirus.html

VI. FOR FURTHER ASSISTANCE

Students should contact compctr@haverford.edu or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Faculty members and academic staff should contact their liaison (see http://www2.haverford.edu/acc/about/liaisons.html ) or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Administrative users should contact Administrative Computing (610-896-1044).

For Questions and Comments, contact Haverford College's Academic Computing Center.
Last updated on March 8, 2005

HC HomeCampus DirectoryHaverford College Library ResourcesHaverford College Web Search EngineAcademic DepartmentsACC Home