Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
February
Security Alert - Phishing Emails Sent to Carnegie Mellon Accounts
Early Spring Cumulative Security Maintenance - Apple Mac OS X
Early Spring Cumulative Security Maintenance - Microsoft Windows
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Cumulative Security Maintenance: Early Spring - Microsoft Windows

Who:  Microsoft Windows computer users

What:  Early Spring Cumulative Security Maintenance

When:  Feb 7, 2008

How:
Early Spring Cumulative Security Maintenance Windows computers running Microsoft Windows, Adobe Flash Player and Reader, AOL Radio, Apple Quicktime, Facebook Photo Uploader, Mozilla Firefox & Thunderbird, MySpace Uploader, RealNetworks RealPlayer, Sun Java and VLC media player may be vulnerable to exploits. The most serious of these vulnerabilities may allow an unauthorized user to take complete control of an affected system by convincing the user to open a maliciously crafted document, media file,  media stream or website.

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

NOTE: You must login with an administrative account/password to complete steps marked with ***.

  1. Upgrade Microsoft Update***
    NOTE: Skip this step if you have previously upgraded to Microsoft Update or are using Windows Vista. Repeating this step is harmless if you are unsure whether you have already upgraded to Microsoft Update.

    Upgrading to Microsoft Update allows updates to Microsoft Office and other Microsoft products to be delivered all from one web site as well as installed automatically if you have Automatic Updates enabled.

    Follow the Upgrade to Microsoft Update steps from Securing Your Windows XP Computer.

  2. Run Microsoft Update***
    NOTE: Once you install Microsoft Update, all links to Windows Update will forward to Microsoft Update automatically.
    See Microsoft Update Instructions:
    Windows Vista
    Windows XP

  3. Verify & Update Adobe Flash Player***
    1. Visit the About Adobe Flash Player page to see what version of Flash is installed on your computer compared to the latest available.
    2. If your computer does not have the latest version, visit the Adobe Flash Player Download Center and follow the instructions to download and install the upgrade.
    3. If you have more than one web browser installed on your computer (i.e. Internet Explorer, Firefox, etc...), repeat these steps with your other web browsers.

  4. Update Adobe Reader (if installed)***
    1. Launch Adobe Reader.
    2. From the Help menu choose Check for Updates... .
    3. Follow the on-screen instructions to install any available updates.

  5. Update AOL Radio (if installed)***
    Use Internet Explorer to visit the AOL Radio site to be automatically updated to the latest version of AOL Radio's AmpX module.

  6. Upgrade Apple Quicktime (if installed)***
    Recent versions of Quicktime install the Apple Software Update service. If available, use the Apple Software Update service to automate your upgrade. Otherwise, download and run the full manual installer.

    Automated Apple Software Update
    1. Click the Start button and choose All Programs.
    2. Select Apple Software Update from the programs list.
    3. If updates are found, click Install.
    4. If prompted to reboot, reboot and then repeat from Step A. until no updates are found.

    Manual Install
    Download and install Apple Quicktime 7.4 or higher from Download - Apple QuickTime

  7. Upgrade Facebook Photo Uploader (if previously used through Internet Explorer only)***
    1. Login to your Facebook account using Internet Explorer.
    2. Go through the process of uploading photos to your account.
    3. The Facebook site will detect that your Facebook Photo Uploader is out of date and offer an upgrade. Follow the on screen instructions to install the upgrade.

  8. Update Mozilla Firefox (if installed)***
    1. Launch Mozilla Firefox.
    2. From the Help menu choose About Mozilla Firefox.
    3. Support for Mozilla Firefox versions prior to 2.0.x has been discontinued. If the About Mozilla Firefox window shows that your computer has 1.0.x or 1.5.x, then visit Installing Firefox on Windows for full manual upgrade instructions.  Otherwise if you already have 2.0.x, continue to the next step to check for updates.
    4. From the Help menu choose Check for Updates... .
    5. Follow the on-screen instructions to install any available updates.

  9. Update Mozilla Thunderbird (if installed)***
    1. Launch Mozilla Thunderbird.
    2. From the Help menu choose About Mozilla Thunderbird.
    3. Support for Mozilla Thunderbird versions prior to 2.0.x has been discontinued. If the About Mozilla Thunderbird window shows that your computer has 1.0.x or 1.5.x, then download and run the full installer from the Mozilla Thunderbird Product page to upgrade to 2.0.x.  Otherwise if you already have 2.0.x, continue to the next step to check for updates.
    4. From the Help menu choose Check for Updates... .
    5. Follow the on-screen instructions to install any available updates.

  10. Upgrade MySpace Uploader (if previously used through Internet Explorer only)***
    1. Login to your MySpace account using Internet Explorer.
    2. Go through the process of uploading photos to your account.
    3. The MySpace site will detect that your MySpace Uploader is out of date and offer an upgrade. Follow the on screen instructions to install the upgrade.

  11. Update RealNetworks RealPlayer (if installed)***
    1. Launch RealPlayer.
    2. From the Tools menu choose Check for Update.
    3. Select the box next to the RealPlayer 10.5 with Harmony™ Technology component.
    4. Click Install to download and install the update.

  12. Verify & Update Sun Java***
    Check that you have the latest version of Sun Java and install recommended updates by visiting Verify & Update - Sun Java

  13. Upgrade VLC media player (if installed)***
    Download and run the latest VLC installer from the VLC media player for Windows Download page.

  14. Manage personally identifiable information
    Reduce the risk of Identity Theft for yourself and others by running Identity Finder for Windows to help you locate and remove or protect personally identifiable information on your computer.  For detailed steps, see Identity Finder for Windows.

  15. Run Symantec LiveUpdate***
    Windows instructions

  16. Secure Your Computer***
    Windows Vista instructions
    Windows XP instructions

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.


More Information:
For more technical information, visit the following: