Oklahoma State University: The STATE's University
Visit the OSU Home Page
Home
Report an Incident
Services
Search

News
FAQs
Policies and Guidelines
Secure Coding
Hardening Guides
IT Announcements

IT Information Security Office
301 Whitehurst
Oklahoma State University
Stillwater, OK 74075
Phone: (405) 744-4357
Email: abuse [at] okstate.edu
web38.jpg
Welcome to the IT Information Security Office

The IT Information Security Office (ISO) was established to secure the data systems and computers of Oklahoma State University.

Image
The ISO strives to protect students, faculty, and employees by protecting University information, helping to write and use secure applications, and detecting and preventing potential threats.

 
Microsoft's Security Bulletin

Microsoft's RSS feed of the new security releases and patch updates. These are hot out of the Microsoft factory. Click on the link to learn more about the vulnerability or just to download the patch.

  • MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
    Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
    Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
  • MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
    Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS09-059 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
    Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.
  • MS09-058 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
    Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
  • MS09-057 - Important: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
    Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS09-056 - Important: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
    Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
  • MS09-055 - Critical: Cumulative Security Update of ActiveX Kill Bits (973525)
    Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455)
    Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability ? CVE-2009-2529.
  • MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
    Bulletin Severity Rating:Important - This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
 
Oklahoma State University - Stillwater | Stillwater, OK 74078 | 405.744.5000
Copyright © 2006 Oklahoma State University | All rights reserved