
SECURITY ALERT: Critical Microsoft Security Update for Windows Users

(U.S. Eastern Time)
DAY: Monday
DATE: October 19, 2009

Personal computers running Microsoft Windows may be vulnerable to an exploit that may allow an unauthorized attacker to take complete control of an affected system that is connected to a network, without any end-user action.

If you suspect your computer has already been compromised, STOP! Immediately take the following steps:

  1. Disconnect from the network - turn off wireless or unplug the wired network cable.
  2. Discontinue use of the machine but DO NOT power off.
  3. Contact the Information Security Office at (412) 268-2044 or iso@andrew.cmu.edu or your departmental computing administrator/DSP consultant for further instructions.

These steps are excerpted from Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

What You Need To Do:

  1. Upgrade to Microsoft Update
    NOTE: Skip this step if you have previously upgraded to Microsoft Update or are using Windows Vista. Repeating this step is harmless if you are unsure whether you have already upgraded to Microsoft Update.

    Upgrading to Microsoft Update allows updates to Microsoft Office and other Microsoft products to be delivered from one web site and installed automatically if you have Automatic Updates enabled.
  2. Run Microsoft Update.
    NOTE 1: If your computer is configured for Automatic Updates (highly recommended), it may have already applied the update and you will see zero High Priority updates when running Microsoft Update.
    NOTE 2: Once you install Microsoft Update, all links to Windows Update will forward to Microsoft Update automatically.

    See Microsoft Update Instructions:
    Windows Vista
    Windows XP
  3. Ensure You Reboot Your Computer If Prompted by Windows
    The update will require a reboot and will periodically prompt you to reboot until you do so. Please reboot AS SOON AS POSSIBLE when prompted. This is especially important for laptop users who normally hibernate/standby their machines rather than rebooting.
  4. Secure Your Computer
    As always, following guidelines for secure computing generally reduces your risk of impact from this and other vulnerabilities.
    Windows Vista instructions
    Windows XP instructions

More Technical Information:
Visit US-CERT technical alert - Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
Microsoft Security Bulletin Summary For October 2009
http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

Contact:
Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or advisor@andrew.cmu.edu) or to your departmental administrator or DSP consultant.