August Microsoft Security Bulletins Include Vulnerabilities Affecting Windows and Office. Immediate Action Required.
Wednesday, August 12, 2009
Microsoft Corporation has announced five new critical security vulnerabilities affecting Microsoft Windows and Microsoft Office. CSSD recommends that users immediately identify and install the security updates as soon as possible using the Pitt Software Update Service. If you are not already using this service, you can sign up for it by visiting technology.pitt.edu and selecting "Pitt Software Update Service" from the Quick Launch menu on the main page. The correct updates for your computer will then be installed on the schedule you specify.
The five critical security vulnerabilities are listed below. An attacker who successfully exploits any of these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights.
- Microsoft Security Bulletin MS09-037 describes several vulnerabilities in Microsoft Active Template Library that could be exploited if a user visits a specially crafted Web page.
- Microsoft Security Bulletin MS09-038 describes two vulnerabilities in Windows Media file processing that could be exploited if a user opens a specially crafted AVI file. AVI files are used with applications that play audio-video sequences.
- Microsoft Security Bulletin MS09-039 describes two vulnerabilities in Windows Internet Name Service that could be exploited if a user receives a specially crafted piece of code.
- Microsoft Security Bulletin MS09-043 describes several vulnerabilities in Microsoft Office Web Components that could be exploited if a user opens a specially crafted Web page.
- Microsoft Security Bulletin MS09-034 describes two vulnerabilities in Remote Desktop Connection. These vulnerabilities could be exploited if a user visits a specially crafted Web site.
In addition to installing the Microsoft patches, CSSD also recommends that all users install Symantec AntiVirus software and use the LiveUpdate feature to get the latest virus definitions. Symantec AntiVirus is available at no cost to students, faculty, staff, and departments from CSSD Software Licensing Services, 105 Bellefield Hall, and can also be downloaded from software.pitt.edu.
Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.