Wednesday, November 12. 2003
Our First Monthly Present From Micro$oft
Microsoft released it's first montly security bulletin yesterday, with very little fanfare. One of the patches, however, is critical.
The first, and most important, is the Internet Explorer Bulletin. There are some serious vulnerabilities in most versions of IE/Windows, and this patch will (hopefully) mitigate the threat. Every Windows user should install this immediately.
The second only affects Windows 2000 and XP. The Workstation Service vulnerability can allow an attacker to take control of your computer. If you connect to the Internet, you should have some kind of firewall anyway -- block incoming UDP ports 138, 139, 445 and TCP ports 138, 139, 445 (Actually, in most cases, you should block ALL incoming traffic. Don't worry, that doesn't mean you can't surf - firewalls know whether a packet is a new connection or part of an existing connection).
The third affects M$ Office users. You have to use the Office Update (Not the Windows Update) to apply the Word and Excel patches. It's a macro vulnerability - don't open any documents that you have not confirmed are legitimate through some other means (phone, face-to-face, etc).
The fourth affects the Windows Front Page Extensions. What? Never heard of it? Must not affect you? Maybe....maybe not. Windows 2000 installed it by default. Windows XP doesn't, but it can very easily be activated during install or any time afterwards. And if you installed an NT Option pack, the Front Page Extension came along with it.
Go to Windows Update and Office Update today!
The first, and most important, is the Internet Explorer Bulletin. There are some serious vulnerabilities in most versions of IE/Windows, and this patch will (hopefully) mitigate the threat. Every Windows user should install this immediately.The second only affects Windows 2000 and XP. The Workstation Service vulnerability can allow an attacker to take control of your computer. If you connect to the Internet, you should have some kind of firewall anyway -- block incoming UDP ports 138, 139, 445 and TCP ports 138, 139, 445 (Actually, in most cases, you should block ALL incoming traffic. Don't worry, that doesn't mean you can't surf - firewalls know whether a packet is a new connection or part of an existing connection).
The third affects M$ Office users. You have to use the Office Update (Not the Windows Update) to apply the Word and Excel patches. It's a macro vulnerability - don't open any documents that you have not confirmed are legitimate through some other means (phone, face-to-face, etc).
The fourth affects the Windows Front Page Extensions. What? Never heard of it? Must not affect you? Maybe....maybe not. Windows 2000 installed it by default. Windows XP doesn't, but it can very easily be activated during install or any time afterwards. And if you installed an NT Option pack, the Front Page Extension came along with it.
Go to Windows Update and Office Update today!
Trackbacks
Trackback specific URI for this entry
No Trackbacks