IS Services Desk Announcements

[For Information] - ICT Forum - Reminder - 20 August 2008

2008-08-20

To University IT Staff,

A reminder that you are invited to today's ICT forum hosted by Information Services. The forum provides for information sharing regarding University and Enterprise wide IT matters, and is open to a member of IT staff from any of the IT units within the university, whether as part of a department, Faculty, Affiliate, University Services or Information Services. The forum runs for 1 hour in total with up to 20 minutes allocated to each presenter which includes discussion time if required.

The ICT forum is scheduled today 20th August 2008 from 12:30pm to 1:30pm, ICT theatre 2.

Speakers:

1. David Marshall - Unified Communications - mobility

The university has recently signed off with the new Telecommunications Carrier. New call costings and services are now available to mobile phone users. David's team will be responsible for porting over of numbers and configuring phones to the new carrier. David will walk through the process as part of the migration of accounts.

2. Debbie Keogh - Uniwireless - Visitor Access

Two new services will be available to visitors to the University via Uniwireless. Eduroam is a service that allows visiting staff and students from participating Eduroam universities to access the internet via their own email username and password. Visitor access is an enhanced feature that is part of Uniwireless. There are processes in gaining access to the system that will be discussed at this forum. There will also be opportunity to ask questions relating to visitor access.

Eduroam will be launched at the ICT forum.

Details on the ICT forum can be found at:
[http://www.infodiv.unimelb.edu.au/crm/forums/ict/index.html]

If you have any questions or would like to present at future ICT forums, please email Gavin Walsh [mailto;gavinaw@unimelb.edu.au]

[Important] - Desktop Support - Windows Updates Release - WSUS - August 2008

2008-08-15

To Desktop and Server Administrators,

Following testing of Microsoft Windows patches for August from participating system administrators, patches have been approved for distribution from the ID-WSUS server that were described in the IT Service Desk announcement:

[https://servicedesk.unimelb.edu.au/announcements/display_full.php?id=584]

ACTION REQUIRED:
================
System administrators and end users should ensure that all Windows OS based computers are up to date either by enabling automatic updates or manually updating affected computers.

Computers which are configured to use the ID-WSUS server for their updates will have the deployment monitored although should administrators notice issues relating to release of Windows Updates through ID-WSUS we request that information be forwarded to either the IT Service Desk via [http://idservicedesk.unimelb.edu.au/] or on extension 40888.

Please refer to Wednesday's announcement for full information about the updates to be approved: [https://servicedesk.unimelb.edu.au/announcements/display_full.php?id=584]

[Important] - Exchange - Required Maintenance - 23 August 2008

2008-08-15

To selected Exchange Users,

Information Services advise that over the next few months, routine maintenance will be required to be performed on the storage area of the University’s Exchange Email System.

This work is necessary to ensure that the system performs optimally going forward and will be performed by Systems Support staff on nominated weekends, commencing on Saturday 23rd August 2008. The affect of this activity means the Exchange system will be offline for some users for a period of time.

If you have received this notification, your mailbox will be unavailable for use between 10.00 a.m. and 4.00 p.m. on Saturday 23rd August 2008. This will be the case for all mail client software you are using including, Outlook, Entourage and Outlook Web Access.

This work should pose no risk to client data. Mail received during the maintenance work will be stored by the University Mail Gateway and delivered to mailboxes when the Exchange System resumes normal operation.

[Important] - IT Security Services - Microsoft Security Bulletins - 13 Aug 2008

2008-08-13

To Administrators of computers running Microsoft products,

ITSS-Advisory : MEDIUM : Microsoft : Various Products : Various Issues

It would be appreciated if this information can be communicated
to students and staff through appropriate means, such as notice
boards or linked through web information services.
The web address of this article is:
[http://www.infodiv.unimelb.edu.au/it-security/13-08-2008.html]

THREAT LEVEL
============
Medium.

INFORMATION
===========
Microsoft has released 11 security bulletins in its scheduled announcement
for Aug 2008. They are summarised below:

MS08-051 - Vulnerabilities in Microsoft PowerPoint
--------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx]
Known Issues: None
Affected:
- PowerPoint versions: 2000 SP3, 2002 SP3, 2003 SP2, 2003 SP3, 2007, 2007 SP1
- PowerPoint Viewer 2003
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1
- Microsoft Office 2004 for Mac
Not Affected:
- Microsoft Office PowerPoint Viewer 2007 and Microsoft Office PowerPoint Viewer 2007 SP1
- Microsoft Office SharePoint Server versions: 2007 and 2007 SP1
- Microsoft Office 2008 for Mac
- Microsoft Works versions: 8.0, 8.5, 9.0,
- Microsoft Works Suite versions: 2005, 2006

MS08-050 - Vulnerability in Windows Messenger
---------------------------------------------
Rating: Important
Impact: Information Disclosure
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx]
Known Issues: None
Affected:
- Windows Messenger 4.7 running on Windows versions: XP SP2, XP SP3, XP Pro x64, XP Pro x64 SP2,

Server 2003 SP1, Server 2003 SP2, Server 2003 x64, Server 2003 x64 SP2, (Itanium) 2003 SP1,

(Itanium) 2003 SP2
- Windows Messenger 5.1 running on Windows versions: 2000 SP4, XP SP2, XP SP3, XP Pro x64, XP Pro

x64 SP2, Server 2003 SP1, Server 2003 SP2, Server 2003 x64, Server 2003 x64 SP2, (Itanium) 2003

SP1, (Itanium) 2003 SP2
Not Affected:
- Windows versions: Vista, Vista SP1, Vista x64, Vista x64 SP1
- Windows Server versions: 2008, 2008 x64, (Itanium) 2008

MS08-049 - Vulnerabilities in Event System
------------------------------------------
Rating: Important
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx]
Known Issues: [http://support.microsoft.com/kb/950974]
Affected:
- Windows versions: 2000 SP4, XP SP2, XP SP3, XP Pro x64, XP x64 Pro SP2, Vista, Vista SP1, Vista

x64 Vista x64 SP1
- Windows Server versions: 2003 SP1, 2003 SP2, 2003 x64, 2003 x64 SP2, (Itanium) 2003 SP1,

(Itanium) 2003 SP2, 2008 for 32-bit, 2008 for x64, (Itanium) 2008

MS08-048 - Security Update for Outlook Express and Windows Mail
---------------------------------------------------------------
Rating: Important
Impact: Information Disclosure
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx]
Known Issues: None
Affected:
- Microsoft Outlook Express versions: 5.5 SP2, 6, 6 SP1
- Windows Mail

MS08-047 - Vulnerability in IPsec Policy Processing
---------------------------------------------------
Rating: Important
Impact: Information Disclosure
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx]
Known Issues: None
Affected:
- Windows versions: Vista, Vista SP1, Vista x64, Vista x64 SP1
- Windows Server 2008 versions: for 32-bit, x64-based and Itanium-based systems
Not Affected:
- Windows versions: 2000 SP4, XP SP2, XP SP3
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, (Itanium) SP1, (Itanium) SP2

MS08-046 - Vulnerability in Microsoft Windows Image Color Management System
---------------------------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-046.mspx]
Known Issues: None
Affected:
- Windows versions: 2000 SP4, XP SP2, XP SP3, XP x64, XP x64 SP2
- Windows Server 2003 versions: XP1, SP2, x64, x64 SP2, (Itanium) SP1, (Itanium) SP2
Not Affected:
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: for 32-bit, x64-based and Itanium-based systems

MS08-045 - Cumulative Security Update for Internet Explorer
-----------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx]
Known Issues: None
Affected: Internet Explorer versions 5.01 SP4, 6 SP1, 6, 7

MS08-044 - Vulnerabilities in Microsoft Office Filters
------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx]
Known Issues: None
Affected:
- Microsoft Office versions: 2000 SP3, XP SP3, 2003 SP2
- Microsoft Office Project 2002 SP1
- Microsoft Office Converter Pack
- Microsoft Works 8

MS08-043 - Vulnerabilities in Microsoft Excel
---------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx]
Known Issues: None
Affected:
- Microsoft Office versions: 2000 SP3, XP SP3, 2003 SP2, 2003 SP3
- Microsoft Office System versions: 2007, 2007 SP1
- Microsoft Office Excel Viewer and versions: 2003, 2003 SP3
- Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats
- Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats SP1
- Microsoft Office SharePoint Server 2007 and versions: SP1, x64, x64 SP1
- Microsoft Office for Mac versions: 2004, 2008
Not Affected:
- Microsoft Works versions: 8.0, 8.5, 9.0, Suite 2005, Suite 2006
- Microsoft Office SharePoint Portal Server 2003

MS08-042 - Vulnerability in Microsoft Word
--------------------------------------------------
Rating: Important
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-042.mspx]
Known Issues: None
Affected: Microsoft Office versions: XP SP3, 2003 SP2, 2003 SP3

MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access
--------------------------------------------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: [http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx]
Known Issues: None
Affected: Microsoft Office versions: 2000 SP3, XP SP3, 2003 SP2, 2003 SP3
Not Affected: Microsoft Office System versions 2007, 2007 SP1

ACTION
======
Administrators of affected computers are advised to review the bulletins,
test and apply relevant updates.

Computers in the testbed will have the patches applied immediately,
and their performance will be monitored. The effects of the patch
on these computers will be sent to its-announce@unimelb.edu.au by
early afternoon on Fri 15 Aug 2008.

[Important] - IT Security Services - Mozilla Firefox - 17 Jul 2008

2008-07-17

To Administrators of computers running Firefox,

ITSS-Advisory : MEDIUM : Mozilla : Firefox : Various Issues

It would be appreciated if this information can be communicated to students and staff through appropriate means, such as notice boards or linked through web information services. The web address of this article is: [http://www.infodiv.unimelb.edu.au/it-security/17-07-2008.html]

THREAT LEVEL
============
Medium.

INFORMATION
===========
On 16 Jul 2008, Mozilla released Firefox 3.0.1. This version fixes vulnerabilities discovered in Firefox 3.0.0. Successful exploitation could enable an attacker to execute arbitrary code on an affected system.More information is available at: [http://www.mozilla.com/en-US/firefox/3.0.1/releasenotes/]

On 15 Jul 2008, Mozilla released Firefox 2.0.0.16. This version fixes vulnerabilities discovered in Firefox 2.0.0.15 and earlier versions. Successful exploitation could enable an attacker to execute arbitrary code on an affected system. More information is available at:
[http://www.mozilla.org/security/known-vulnerabilities/firefox20.html]

AFFECTED PLATFORMS
==================
Computers of various operating systems running:
- Firefox 3.0.0
- Firefox 2.0.0.15 and earlier

ACTION
======
Administrators of affected computers are advised to review the bulletins, test and apply relevant updates.