ACC Mail ACC ACC Homepage
About ACCACC NewsFaculty Services IndexStudent Services IndexACC User DocumentationACC Computing PoliciesRecommended Systems and Purchase informationComputer Support Services
 

Security Bulletin Summary July 2004

Windows Security Bulletin

Overview
Who is Affected

Recommended Actions

Administrative Users
Academic PC Users
All Home PC Users
Academic Mac Users

Further Assistance

Other Bulletins

ADMINISTRATIVE Staff: You will be contacted directly by Administrative Computing to install this update. You should not take any action regarding your OFFICE computer. If you use a computer at HOME, please read on.

STUDENTS, FACULTY, ACADEMIC STAFF AND ALL HOME USERS (including administrative home users) must all follow the procedures below.

I. OVERVIEW

Microsoft released 2 critical updates, 4 important updates, and 1 moderate update for Microsoft Windows and Internet Explorer on 7/13/2004. Some of the vulnerabilites patched by these updates may allow somebody to remotely control a computer or remotely execute files on a computer if these updates are not applied to that computer.

Not all of these updates apply to every version of Windows or Internet Explorer, so you may only need to install some of the updates. For example, if you have Windows XP you will install 4 updates, but if you have Windows 98, you will only install one or two depending on your version of Internet Explorer. If you use automatic updates or windowsupdate.microsoft.com this will be determined for you.

MS04-022 is a critical update and applies to Windows XP, Windows 2000, and Windows NT. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-023 is a critical update and applies to Internet Explorer 6 SP1. IE 6 SP1 may be installed on any version of Windows, but is installed by default in Windows XP. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-019 is an important update that only applies to Windows 2000.

MS04-020 is an important update that only applies to Windows 2000 and Windows NT.

MS04-021 is an important update that only applies to Windows NT running Internet Information Server (IIS) 4.0. If this patch is not applied to an affected computer, there is a possibility for somebody to remotely control or execute files on that computer.

MS04-024 is an important update that applies to Windows XP, Windows 2000, and Windows NT. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-018 is a moderate update that apples to all versions of Windows. It is a cumulative security update for Outlook Express. Even if you do not use Outlook Express, it is installed on your computer and the update needs to be applied.

Note that Microsoft releases updates on the second Tuesday of every month.

II. WHO IS AFFECTED?

All Windows 98, Windows 98 SE, Windows ME, Windows NT 4.0, Windows 2000, and Windows XP users are affected by at least one of these updates.

III. RECOMMENDED ACTION - ADMINISTRATIVE USERS ON CAMPUS

The Administrative Computing Center will be contacting those in Administrative offices. Do not attempt to follow the directions below on your office system, but please do so for your home computer(s).

IV. RECOMMENDED ACTION - ACADEMIC WINDOWS USERS and ALL HOME USERS

Everyone should install all the Windows critical updates.. The best way to apply critical updates is to open INTERNET EXPLORER and go to http://windowsupdate.microsoft.com/
(Note: You must use Internet Explorer; Netscape will not work.) Follow the instructions to scan for updates and install all **critical** updates identified (recommended updates and driver updates are not necessary).

Your Windows computer may already be configured to automatically download software updates. If you received notification on your computer to install this critical update or restart your computer (after July 13), your computer may already be patched for Windows updates. If you are not sure if the updates have been applied, go to http://windowsupdate.microsoft.com with Internet Explorer and scan for updates. Be sure to apply any critical updates that are available. If no critical updates are available, you have already applied the updates.

If you find by the above methods that your computer is not automatically updating, see http://www2.haverford.edu/acc/docs/general/osupdates.html for instructions on how to set up your computer to automatically notify you and install these updates as they are released.

All Windows users must also make sure that they have installed the latest anti-virus software configured by ACC (Virusscan 7 for XP), and that you have the latest definitions issued July 15 (dat version 4377) or later. For virus software information and downloads go to http://www2.haverford.edu/acc/virus/virus.html.

V. RECOMMENDED ACTION - ACADEMIC MAC USERS

Macintosh users must also be sure to get all critical operating system updates and Office updates. Look for the Software Update tool in your Control Panel (OS 9) or in System Preferences (OS X) for operating system updates. For detailed instructions see http://www2.haverford.edu/acc/docs/general/osupdates.html.

For information and downloads of current anti-virus software, go to http://www2.haverford.edu/acc/virus/macantivirus.html

VI. FOR FURTHER ASSISTANCE

Students should contact compctr@haverford.edu or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Faculty members and academic staff should contact their liaison (see http://www2.haverford.edu/acc/about/liaisons.html ) or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Administrative users should contact Administrative Computing (610-896-1044).

For Questions and Comments, contact Haverford College's Academic Computing Center.
Last updated on March 8, 2005

HC HomeCampus DirectoryHaverford College Library ResourcesHaverford College Web Search EngineAcademic DepartmentsACC Home