Last week Microsoft announced a new critical security vulnerability affecting versions of its Windows operating systems and many of its software products.
Office of Technology Services (OTS) engineers have tested and verified a utility to detect and patch most affected software on all OTS-managed computers. Due to the severity of this vulnerability, the update was delivered to all computers yesterday morning.
Because the patch was released campus-wide, OTS recommends that individual users NOT update their OTS-managed computer. This is especially important to note because users without administrative rights who attempt to install the patch on their own may cause their computer to freeze until manually fixed by a local administrator. If you are unsure whether or not your computer is OTS-managed, please call 410-704-5151 or e-mail {helpcenter@towson.edu}.
OTS recommends that users with home computers install the necessary Windows and Office updates. Microsoft has created a Web page that is specifically designed to walk users through the process. It is located at {http://www.microsoft.com/security/bulletins/200409_jpeg_tool.mspx}.
For more information on OTS? update procedure, go to {http://wwwnew.towson.edu/adminfinance/ots/coretechsecurity/infosecsecurityupdates.asp}.
For more technical information on this specific update, please refer to the OTS Alerts forum, the most authoritative and up-to-date source of information on performance issues, service disruptions and maintenances relating to the university?s computing, application, network and telephone systems. The following posts relate to this specific update (in chronological order):
{http://forums.towson.edu/viewtopic.php?t=346}
{http://forums.towson.edu/viewtopic.php?t=348}
{http://forums.towson.edu/viewtopic.php?t=349}
{http://forums.towson.edu/viewtopic.php?t=350}
{http://forums.towson.edu/viewtopic.php?t=360}
The vulnerability arises from the way certain Microsoft software processes JPEG image files. An attacker who successfully exploits this vulnerability could take complete control of an affected computer, including installing programs; viewing, changing or deleting data; or creating new accounts with full privileges. It affects a wide range of Microsoft products, including Windows XP, Windows Server 2003, Office XP and 2003, Internet Explorer and other programs.
Questions?
Students: 410-704-5151, {scs@towson.edu}, Cook Library, room 35
Faculty/Staff: 410-704-5151, {helpcenter@towson.edu}, Cook Library, room 5