Security Bulletin
of June 15, 2006

Overview
Who is Affected

Recommended Actions

Administrative Users
Academic and All Home Windows Users
Academic and All Home Macintosh Users
Tips for Safer Computing
Further Assistance

Other Bulletins
Recent CERT Alerts

ADMINISTRATIVE Staff: If you use a computer at HOME, please read on.

STUDENTS, FACULTY, ADMINISTRATIVE STAFF, ACADEMIC STAFF AND ALL HOME USERS must follow the recommendations below.

I. OVERVIEW

Serious security holes have been identified in Microsoft Windows, Internet Explorer, Microsoft Office, Windows Media Player, Apple Quicktime, Apple Mac OS X, Real Player and Mozilla Firefox. To protect your computer, and other computers on the network, follow the instructions below.

In addition to applying the updates described below, do not open unfamiliar or unexpected Microsoft Word or other Office documents, including those received as email attachments or hosted on a web site. A vulnerability in Microsoft Word, for which there is not yet a fix, could allow an attacker to gain control of your computer.

II. WHO IS AFFECTED?

All Windows and Macintosh systems are vulnerable to at least some of the serious security threats addressed in this bulletin.

III. RECOMMENDED ACTION - ADMINISTRATIVE USERS ON CAMPUS

Administrative users will be receiving a separate email in regard to their office computers. However, all users must follow the instructions below appropriate for their home systems.

IV. RECOMMENDED ACTION - STUDENTS, FACULTY, ACADEMIC STAFF, and ALL HOME WNDOWS COMPUTER USERS

1. Install all Windows critical updates. Open INTERNET EXPLORER and go to http://update.microsoft.com/
2. Install all Microsoft Office critical updates. Open INTERNET EXPLORER and navigate to http://office.microsoft.com/officeupdate
3. Upgrade to the latest version of Mozilla Firefox (1.5.0.4) at http://www.mozilla.com/firefox.
4. Upgrade to Apple QuickTime 7.1 at http://www.apple.com/quicktime/download/win.html.
5. Upgrade to the newest version of Real Player at http://www.haverford.edu/ns/streaming/getreal/

V. RECOMMENDED ACTION - STUDENTS, FACULTY, ACADEMIC STAFF, and ALL HOME MACINTOSH COMPUTER USERS

1. Install all Macintosh OS critical updates.
   1. Under the Apple Menu select System Preferences.
   2. Double-click on Software Update.
   3. Check the option to Automatically check for updates weekly.
   4. Run Check Now
2. Install all Microsoft Office critical updates. Navigate to http://www.microsoft.com/mac/downloads.aspx and install the updates appropriate to your version of Office.
3. Upgrade to the latest version of Mozilla Firefox (1.5.0.4) at http://www.mozilla.com/firefox.
4. Upgrade to the newest version of Real Player at http://www.haverford.edu/ns/streaming/getreal.

VI. PRACTICE SAFER COMPUTING ALL THE TIME

Always follow the guidelines to Protect Your Computer at http://www.haverford.edu/acc/protect/.

VII. FOR FURTHER ASSISTANCE

Students, faculty and academic staff please contact Academic Computing:
Telephone: 610-896-1480
Email: compctr@haverford.edu
Web: http://www.haverford.edu/acc/helpdesk/
In Person: Stokes 204 9am to 5pm, Monday through Friday and until 9am to 9pm on Tuesdays.

Administrative staff please contact Administrative Computing:
Telephone: 610-896-1355
Email: admincc@haverford.edu

VI. MORE INFORMATION

Additional information about computer security and current threats can be found at the following sites:

United States Computer Emergency Readiness Team (US-CERT ) Recent Alerts

<http://www.us-cert.gov/nav/nt01/>

<http://www.us-cert.gov/cas/alerts/>

US-CERT Alerts used for this bulletin

<http://www.us-cert.gov/cas/alerts/SA06-164A.html>

<http://www.us-cert.gov/cas/alerts/SA06-153A.html>

<http://www.us-cert.gov/cas/alerts/SA06-139A.html>

<http://www.us-cert.gov/cas/alerts/SA06-132B.html>

McAfee Avert Threat Center

<http://www.mcafee.com/us/threat_center/default.asp>

Microsoft Security

<http://www.microsoft.com/security/>

Apple Product Security

<http://www.apple.com/support/security/>