Skip to Navigation | Skip to Content

September 2006

« August 2006 | Main | October 2006 »

September 28, 2006

New Morning Hours at Tisch Hall Lab

The ITS Tisch Hall Computer lab, Room LC7, will now open daily at 6:00am from Monday through Saturday for self-service printing and computer use. Note that ITS staff will not be onsite to provide assistance until 8:30am. Swipe a valid NYUCard through the card reader at the door to gain entry prior to 8:30am.

September 26, 2006

Download Critical Windows Update

Microsoft, in an effort to mitigate further exploits from the latest vulnerability, has released a Microsoft Windows patch ahead of the scheduled October 10th "Patch Tuesday" update.

Download this critical update by going to Microsoft's Windows Update page here:

Microsoft Windows Update

September 22, 2006

New Internet Explorer & Outlook Attack

Reported 09/15/06 in the Security Alerts page, Microsoft's latest vulnerability is quickly gaining momentum with many malicious sites and hackers crafting code and HTML to exploit vulnerable computers. Currently, even the most patched versions of Windows XP are completely vulnerable to this attack and there is no projected patch until sometime in October.

This new attack targets Internet Explorer and the HTML component in Outlook and can result in a computer being compromised by an attacker. So in theory, visiting a malicious website or opening an email with the malicious HTML code can leave the computer fully compromised.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.

Critical Apple WiFi Update

Apple released an update today for their Airport wireless cards that addresses multiple vulnerabilities. Those vulnerabilities put all wireless-capable OS X computers at risk of being compromised by an attacker, including the new Intel-based Macs.

Without the update, an Apple computer connected to a malicious "WiFi spot" could potentially be compromised to the degree that an attacker can gain control of the computer and execute arbitrary code.

To get the latest update, simply go on the Apple menu and select "Software Update". Download any updates available.

You can read up on the vulnerability here:

Apple releases Airport update

September 19, 2006

AIM Users: Beware of Links

Recently a new worm that propagates itself via AIM began circulating the Internet. Known as W32.pipeline, this worm transmits itself via AIM, contacting all individuals on the victim's "Buddylist".

The worm sends an innocuous IM message to the individuals on the victim's Buddylist with the message "Hey, would it be okay if I upload this picture of you to my blog?" If the recipient clicks on the link, an executable file that looks like a JPEG will download into a Windows folder.

Once installed, the file then begins to contact other individuals on the new victim computer to infect their machines as well. Another side effect is that the victim computer acts as a botnet, downloading in the background malicious files and viruses onto the computer, and possibly even sending out large quantities of spam

The best solution to this problem is to:

  • If you receive the above IM, ignore it and do not respond. If you receive a suspicious variant, or are unsure, reply to the Instant Message and verify that the person really did send it to you. 3-4 IM messages should verify the status of the sender.
September 18, 2006

Download Critical Firefox Update

Following a week of updates from both Microsoft & Apple, the team over at Mozilla also issued critical updates for its popular Firefox web browser.

The update comes on the heel of multiple vulnerabilities being recently discovered. Secunia.com rates these vulnerabilities as being highly critical, because they allow a remote attacker to exceute arbitrary code, and possibly take over a compromised computer.

These updates should download automatically, however, you can also upgrade your current browser to version 1.5.0.7 by going to:

GetFireFox.com

September 15, 2006

No Patch Yet for Internet Explorer Attack

Following Microsoft's monthly "Tuesday Patch Day", whereby Microsoft provided multiple critical Windows & Office updates, a new vulnerability began circulating the Internet. This new attack specifically targets Internet Explorer and can result in a computer being compromised by an attacker.

Once an individual visits a specially crafted website, the attack can either force IE to crash or the attacker can use the vulnerability to launch arbitrary commands and compromise the victim computer.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. Beyond suggesting that users avoid "bad websites", users are also being told to disable "ActiveX scripting" in IE or secure it to your trusted security zones as a precaution.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.

September 14, 2006

Download Critical Windows Update

On September 13th, Microsoft issued a 3rd patch for an ongoing vulnerability that was cited in August. Following 2 previous updates, Microsoft received multiple reports of computers still being vulnerable to attack. Specifically, the type of attack involves running long, processor-power consuming tasks that may result in serious performance issues.

At this time, it highly recommended to download the latest Microsoft Windows updates.

Download Microsoft updates by going to:http://updates.microsoft.com

September 08, 2006

New ITS Website

NYU Information Technology Services has just released a redesigned website. New features include the Ask ITS contact form, a News blog, and an improved navigation structure. Please let us know what you think!

Note that some ITS links may have changed; explore the navigation menu or search the site to find any relocated pages and update your browser bookmarks.

September 05, 2006

New MS Word Attack Circulating

There is a critical MS Word vulnerability circulating the Internet and it is appearing as a simple Word document file. This specially crafted Word document contains an embedded trojan file that can put a computer at risk to a malicious attack.

Once the infected Word file is opened, it loads a trojan file onto the computer. Following the trojan's installation, it then initiates a backdoor command that allows more malicious files to be downloaded onto the infected computer. Those malicious files can include keylogging tools, which can be used to record what you type on your computer.

For the moment, Microsoft does not have an update available. Users are being told to not open untrusted Word document files. Once an update is available, a link will be posted in the alerts page.

Confirmed affected systems for this paritcular attack are computers running both Windows 2000 & Microsoft Word 2000. Although not yet confirmed, it is cautioned that this vulnerability may affect other versions of Microsoft Windows and/or Word.

More information regarding this attack can be found here :

MS Word 0-day attack flaw


Update available 09/12/06


Microsoft has stated that there will be one Office and two Windows updates available on 09/12/06 that will address multiple critical vulnerabilities. It is believed that these updates will fix the current Word vulnerability, amongst other exploits. We will issue an alert when this becomes available.