Windows Security Bulletin- October 13, 2004

Security Bulletin Summary October 13, 2004

Windows Security Bulletin

Overview
Who is Affected

Recommended Actions

Administrative Users
Academic PC Users
All Home PC Users
Academic Mac Users

Further Assistance

Other Bulletins

ADMINISTRATIVE Staff: You will be contacted directly by Administrative Computing to install this update. You should not take any action regarding your OFFICE computer. If you use a computer at HOME, please read on.

STUDENTS, FACULTY, ACADEMIC STAFF AND ALL HOME USERS (including administrative home users) must all follow the procedures below.

I. OVERVIEW

Microsoft released 6 critical updates and 3 important updates for Microsoft Windows and Internet Explorer on 10/13/2004. Some of the vulnerabilites patched by these updates may allow somebody to remotely control a computer or remotely execute files on a computer if these updates are not applied to that computer.

Not all of these updates apply to every version of Windows or Internet Explorer, so you may only need to install some of the updates. For example, if you have Windows XP SP2 you will install 1 update, but if you have Windows 98, you may install two or three depending on your version of Internet Explorer. If you use automatic updates or windowsupdate.microsoft.com this will be determined for you.

MS04-038 is a critical update and applies to Windows NT Server 4.0 SP6a, Windows NT Server 4.0, Terminal Server Edition SP6, Windows XP, Windows XP SP1, Windows XP SP2, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 2000 SP3, Windows 2000 SP4, Windows 98, Windows 98 Second Edition (SE), and Windows Millennium Edition (Windows Me). If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-037 is a critical update and applies to Windows NT Server 4.0 SP6a, Windows NT Server 4.0, Terminal Server Edition SP6, Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, Windows 98 Second Edition (SE), and Windows Millennium Edition (Windows Me). If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-036 is a critical update and applies to Windows NT Server 4.0 SP6a, Windows 2000 Server SP3, Windows 2000 Server SP4, Windows Server 2003, andWindows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-035 is a critical update and applies to Windows XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-034 is a critical update and applies to Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, and Windows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-032 is a critical update and applies to Windows NT Server 4.0 SP6a, Windows NT Server 4.0, Terminal Server Edition SP6, Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, and Windows Server 2003 64-Bit Edition If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-031 is an important update and apples to Windows NT Server 4.0 SP6a, Windows NT Server 4.0, Terminal Server Edition SP6, Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, andWindows Server 2003 64-Bit Edition. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-030 is an important update and apples to Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP 64-Bit Edition SP1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Internet Information Services 5.0, Internet Information Services 5.1, and Internet Information Services 6.0. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

MS04-029 is an important update and apples to Windows NT Server 4.0 Service Pack (SP) SP6a and Windows NT Server 4.0, Terminal Server Edition SP6. If this patch is not applied, there is a possibility for somebody to remotely control or execute files on your computer.

Note that Microsoft releases updates on the second Tuesday of every month.

II. WHO IS AFFECTED?

All Windows 98, Windows 98 SE, Windows ME, Windows NT 4.0, Windows 2000, and Windows XP users are affected by at least one of these updates.

III. RECOMMENDED ACTION - ADMINISTRATIVE USERS ON CAMPUS

The Administrative Computing Center will be contacting those in Administrative offices. Do not attempt to follow the directions below on your office system, but please do so for your home computer(s).

IV. RECOMMENDED ACTION - ACADEMIC WINDOWS USERS and ALL HOME USERS

Everyone must install all necessary Windows critical updates.. The best way to apply thesel updates is to open INTERNET EXPLORER and go to http://windowsupdate.microsoft.com/
(Note: You must use Internet Explorer; Netscape will not work.) Follow the instructions to scan for updates and install all **critical** updates identified (recommended updates and driver updates are not necessary).

Your Windows computer may already be configured to automatically download software updates. If you received notification on your computer to install this critical update or restart your computer (after July 13), your computer may already be patched for Windows updates. If you are not sure if the updates have been applied, go to http://windowsupdate.microsoft.com with Internet Explorer and scan for updates. Be sure to apply any critical updates that are available. If no critical updates are available, you have already applied the updates.

If you find by the above methods that your computer is not automatically updating, see http://www2.haverford.edu/acc/docs/general/osupdates.html for instructions on how to set up your computer to automatically notify you and install these updates as they are released.

All Windows users must also make sure that they have installed the latest anti-virus software configured by ACC (Virusscan 7 for XP), and that you have the latest definitions issued October 6 (dat version 4397) or later. For virus software information and downloads go to http://www2.haverford.edu/acc/virus/virus.html.

V. RECOMMENDED ACTION - ACADEMIC MAC USERS

Macintosh users must also be sure to get all critical operating system updates and Office updates. Look for the Software Update tool in your Control Panel (OS 9) or in System Preferences (OS X) for operating system updates. For detailed instructions see http://www2.haverford.edu/acc/docs/general/osupdates.html.

For information and downloads of current anti-virus software, go to http://www2.haverford.edu/acc/virus/macantivirus.html

VI. FOR FURTHER ASSISTANCE

Students should contact compctr@haverford.edu or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Faculty members and academic staff should contact their liaison (see http://www2.haverford.edu/acc/about/liaisons.html ) or call the Helpdesk at 610-896-1480, open 9am to 5pm, Monday through Friday.

Administrative users should contact Administrative Computing (610-896-1044).

For Questions and Comments, contact Haverford College's Academic Computing Center.
Last updated on March 8, 2005