Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
October
Security Alert - Critical Microsoft Security Update MS08-067 for Windows Users
Volunteers Needed: Help Us Protect the Carnegie Mellon Community from Identity Theft
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Training & Education
Technical Support & Services
Campus Partners
Information Security Office (ISO)

Security Alert: Critical Microsoft Security Update MS08-067 for Windows Users

Who:  Microsoft Windows computer users

What:  Critical Microsoft Security Update MS08-067

When:  Updated Oct 24, 2008

How:
Microsoft Security Update MS08-067 for Windows Users Oct 24 Update: Notification emails are being sent to owners of computers missing the update as detected by network scanning (Pittsburgh campus only).  The messages instruct owners to take action and notify Computing Services before the grace period ends.  If the grace period elapses without owners notifying Computing Service of their actions, then network access will be suspended to protect the vulnerable machine and the rest of the campus network.

Windows computers running Microsoft Windows may be vulnerable to exploits. This vulnerability may allow an unauthorized attacker to take complete control of an affected system that is connected to a network without any end user action.  PLEASE PATCH AND REBOOT ASAP.

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

NOTE: You must login with an administrative account/password to complete steps marked with ***.

  1. Upgrade Microsoft Update***
    NOTE: Skip this step if you have previously upgraded to Microsoft Update or are using Windows Vista. Repeating this step is harmless if you are unsure whether you have already upgraded to Microsoft Update.

    Upgrading to Microsoft Update allows updates to Microsoft Office and other Microsoft products to be delivered all from one web site as well as installed automatically if you have Automatic Updates enabled.

    Follow the Upgrade to Microsoft Update steps from Securing Your Windows XP Computer.
  2. Run Microsoft Update***
    NOTE1: If your computer is configured for Automatic Updates (highly recommended), it may have already applied the update and you will see zero High Priority updates when running Microsoft Update.
    NOTE2: Once you install Microsoft Update, all links to Windows Update will forward to Microsoft Update automatically.

    See Microsoft Update Instructions:
    Windows Vista
    Windows XP
  3. Ensure You Reboot Your Computer If Prompted by Windows
    The update will require a reboot and will periodically prompt you to reboot until you do so.  Please reboot AS SOON AS POSSIBLE when prompted.  This is especially important for laptop users who normally hibernate/standby their machines rather than rebooting.
  4. Run Symantec LiveUpdate***
    Windows instructions
  5. Secure Your Computer***
    Windows Vista instructions
    Windows XP instructions

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.


More Information:
For more technical information, visit the following: