Skip to site navigation

UCL Computer Security Newsletter - August 2006

The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.

1. Updates

Microsoft

10 Windows patches and 2 Office ones due this month - 9 of these are
critical. More info at
http://www.microsoft.com/technet/security/bulletin/ms06-aug.mspx

Note that one of the updates addresses a critical vulnerability in
the Microsoft Server Service (MS06-040). There are reports that this
vulnerability is actively being exploited.

Apple

Apple has released Security Update 2006-004 to correct multiple
vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web
browser, Mail, and other products. The most serious of these
vulnerabilities may allow a remote attacker to execute arbitrary
code. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service. More info at
http://www.us-cert.gov/cas/techalerts/TA06-214A.html

Wireless

A security hole has been found in Intel's Centrino driver (a Wifi
platform often used in laptops) that would allow remote code
execution. Please insure that drivers on all your Centrino hardware
is up to date. More details at
http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm

2. Interesting

SANS reports that "...nearly 120 new vulnerabilities were discovered
this week - that's a 6,000 vulnerabilities per year rate of
discovery. Well over half are in web applications."

3. Institutional Firewall

It is UCL policy that all departments will be protected by the
institutional firewall. There is currently a short break over the
summer in placing departments behind the firewall because of the work
involved in the machine room move. The scheduling will resume in
September.

4. General

Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).

This newsletter and previous ones are available at
http://www.ucl.ac.uk/cert/cst-newsletters/index.html.

We welcome feedback on the content and organisation of documents on
our web page.