IT Help Central - Division of Information Technology
Texas Tech University

HELP!!!

IT Help Central

[ Hours of Operation ]
[ Safe Computing ]
[ Customer Survey ]
[ Security Bulletins ]
[ Instructions ]
[ Request Assistance ]
[ Our Team ]
[ Employment ]
[ Strategic Plan ]
[ Site Map ]

Related Sites

[ Texas Tech ]
[ IT Division ]
[ High Tech ]
[ Raiderlink ]
[ Computer Labs ]
[ Training ]
[ TTUHSC Help Desk ]
[ Network Access ]

General Info

[ New Students ]
[ Text-Only Version ]
[ Buying the Right Computer ]

 

ASC
Room 101
2903 4th Street

This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. A remote code execution vulnerability exists in Microsoft Outlook and Microsoft Exchange Server because of the way that it decodes the Transport Neutral Encapsulation Format (TNEF) MIME attachment.

On vulnerable versions of Outlook, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

On vulnerable versions of Exchange, an attacker who successfully exploited this vulnerability could take complete control of an affected system. This vulnerability could be exploited automatically without user interaction. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft recommends that customers should update immediately.

Affected Software:

  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 1 and Service Pack 2
  • Microsoft Exchange Server

It is recommended that you view the full article related to this vulnerability at Microsoft.com.

Quick Fix Instructions

  1. Download the patches appropriate for your system below.
  2. Save the file to a convenient location, such as your download folder or the Windows desktop.
  3. Close all programs before you run the tool.
  4. Double-click the file to start the update tool.
  5. Follow the On-Screen Instructions

Most Common Versions

Less Common Versions

Note:  You can configure Windows 2000 and XP to automatically download and install new critical updates.  For instructions on configuring automatic updates, click here.

Released 01/10/2006

 
Call for Help 742-4357
Copyright 2008 Texas Tech University, All Rights Reserved.
Maintained by: Information Technology Division.
TTU Compliance with the Digital Millennium Copyright Act,
TTU Privacy Policy, Texas Public Information Act
Contact: Webmaster.
Updated: January 10, 2006. 		Report abuses using the following links:

Unsolicited Bulk Email (UBE/UCE)/Spam.
Copyright Violations.