Security-Related Links

• Stinger: repair utility for common viruses
• Info on viruses and hoaxes
• What are the differences between viruses, worms and Trojans?
• Protect Yourself from Online Fraud
• Online Security and Virus Scans
• Is your computer secure?

Microsoft Security Links

• Microsoft Security Home Page
• Security Guidance
• Security Updates

Security Alerts

Internet Explorer / Outlook Vulnerability

Friday, July 2, 2004

The Computer Emergency Readiness Team (CERT) has issued a warning about a vulnerability in Microsoft's Internet Explorer that could allow an attacker to run code on your computer just by visiting a malicious web page.  Outlook, Outlook Express and Microsoft Help are also affected.

Solution

This vulnerability can be minimized by installing the following Microsoft Windows patches:

• MS04-013 Security Patch (April 13, 2004)
• KB870669 Critical Update (July 2, 2004)

Note: If you have configured the Windows Automatic Update feature (which we strongly recommend), these fixes may already be installed on your computer.

---

Sasser Virus

Monday, May 3, 2004

There's a new virus making the rounds known as Sasser.  Microsoft has released an article describing the virus and how to both prevent, detect, and recover from it.

If you've installed the Windows security patch, MS04-011, you should be immune to the virus.  You can use the Windows Update website, or download the MS04-011 patch by itself.

Adobe Acrobat Reader security flaw

Thursday, March 4, 2004

Security experts have found a very dangerous flaw in Adobe Acrobat Reader 5.0, a popular application for reading PDF files.  The flaw would allow someone to takeover your computer by getting you to open an XFDF file.  This is particularly dangerous because XFDF files are rendered automatically by many browsers; by simply clicking on a link to the file, you can be attacked.

Adobe claims that the flaw does not exist in the latest version of the product, so if you are still using Acrobat Reader 5.0, you should upgrade to Acrobat Reader 6.0 as soon as possible.  More info

Tuesday, February 10, 2004

Microsoft issued a security bulletin on February 10 announcing the presence of a security vulnerability in Windows NT, 2000, XP, and 2003. This is considered a critical security flaw as it has the potential to allow an attack on the scale of last year’s Blaster virus, which you may remember was one of the fastest-spreading viruses in history.

Although the severity of this vulnerability is considered high, there is no need to be alarmed. There are currently no known viruses exploiting this vulnerability, and some anti-virus applications can already detect possible exploits of it. As long as you have an anti-virus application and a firewall protecting your computers, you will probably be safe even when viruses do surface (and they will).

That said, it is still recommended that you install this update on all your computers as early as possible.

Security Patch Available

The good news is that it is easy to protect yourself and your computers. Simply install the latest Windows Update on each of your computers. If you have Automatic Updates enabled, you may already have an icon in the Notification area of your toolbar reminding you that there are updates to install (at the far right end of your Taskbar, right next to the clock). Just click the icon and follow the directions to install the updates.

Alternatively, you can always go to Microsoft’s Windows Update website to install both critical and non-critical updates. You should do this periodically anyways, because the Automatic Updates does not install all non-critical updates.

Resources

• http://windowsupdate.microsoft.com/
• http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx