YORK-ANNOUNCE-L Archives

York U. announcements list - READ ONLY

YORK-ANNOUNCE-L@YORKU.CA
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
ADVISORY: Microsoft Office/IE security updates
From:
Chris Russel <[log in to unmask]>
Reply To:
York U. announcements list - READ ONLY
Date:
Fri, 23 Aug 2002 12:22:18 -0400
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (38 lines) 
Microsoft has released patches which close a number of critical
vulnerabilities in Microsoft Office Web Components 2000 and separately,
Internet Explorer.  These vulnerabilities can allow a remote attacker, by
use of an email message or web page, to run programs, alter and/or access
data, or wipe the hard drive on a target system.

Any system with Microsoft Office 2000/XP is vulnerable and should have the
patch applied.  Other Microsoft software, including some server software
is also affected, for more information please see the following:

http://www.microsoft.com/technet/security/bulletin/MS02-044.asp

It is recommended that users install the patches using the "Office
Products Updates" site:

http://office.microsoft.com/productupdates/


Also, patches were released yesterday to close critical vulnerabilities in
Internet Explorer.  These are available through the "Windows Update" site.

http://windowsupdate.microsoft.com/

For direct access to the cumulative patch:

http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp


Finally, for those using Microsoft Outlook, these vulnerabilities would be
partially mitigated if the Outlook Email Security Update was installed:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx


--
Chris Russel    | Manager Information Security
[log in to unmask] | York University, Toronto, Canada

ATOM RSS1 RSS2