[Am-info] Critical M$ security patches.

Fred A. Miller fm@cupserv.org
Thu, 18 Apr 2002 09:44:13 -0400 

Critical M$ security patches.

Revealing vulnerabilities in various versions of Internet Explorer, Outlook
Express, and Office applications for Macintosh, Microsoft yesterday
announced security patches available for immediate download, and urged that
all users of these programs download and apply the patches at once.

      http://www.microsoft.com/security/security_bulletins/ms02019_mac.asp

The vulnerability in Internet Explorer would allow malicious code on a web
page to perform such tasks on your computer as deleting or changing files,
or installing and running software without your permission, by exploiting a
buffer overrun or executing an AppleScript. The company says that the
Microsoft Office problem would allow malicious content in a document to
similarly take over your computer, but only if you were to open the
document. Microsoft warns that users should never accept files from unknown
sources. (CIT strongly recommends never opening documents you weren't
expecting, even if you know the person who appears to have sent them,
without confirming who sent them.)

The patches for Microsoft Office and Outlook Express, and patches for Mac
OS 8 and OS 9 users of Internet Explorer, are available for download from
Microsoft's Mactopia download web site.

      http://www.microsoft.com/mac/download/

Mac OS X users should apply the patch to Internet Explorer for Mac OS X
(the default web browser installed with the operating system) via the
Software Update feature of Mac OS X, which may be accessed via System
Preferences. Mac OS X users must still manually download and apply the
patches for Office or other applications.

Microsoft says the vulnerable software includes:

   * Internet Explorer 5.1 for Mac OS X
   * Internet Explorer 5.1 for Mac OS 8 or 9
   * Outlook Express 5.0 through 5.0.3
   * Entourage v.X for Mac OS X
   * Entourage 2001
   * PowerPoint v.X for Mac OS X
   * PowerPoint 2001
   * PowerPoint 98
   * Excel v.X for Mac OS X
   * Excel 2001

The company says versions of Internet Explorer prior to 5.1, of Outlook
Express prior to 5.0.1, and of Office prior to Office 98 are no longer
supported, have not been tested, and may or may not be subject to these
vulnerabilities.

The current security patches, when applied, will patch all previously noted
vulnerabilities in these versions of the Microsoft applications.

Microsoft is offering free user support by phone to U.S. and Canadian
callers at 1-866-PC SAFETY (1-866-727-2338). International users should
contact their local subsidiary for information about obtaining free support
for downloading and installing these patches.

      http://www.microsoft.com/worldwide/

-- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
--- SuSE Linux v7.3 Pro---