Microsoft Windows and Internet Explorer Vulnerabilities

Systems Affected

Microsoft Windows and various Microsoft products, including Internet Explorer

Overview

By taking advantage of vulnerabilities in various Microsoft products, an attacker may be able to stop affected programs or take control of your computer. Microsoft has released updates to address these issues.

Solution

Install Updates

Microsoft has released security updates for Windows and Internet Explorer. To obtain the updates, visit the Windows Update web site. US-CERT also recommends enabling Automatic Updates.

Description

There are problems with various Microsoft applications and features:

• Help system - The HTML Help system is used by many Microsoft Windows applications. An attacker may be able to create a malicious help file that may allow him or her to gain control of your computer.
• Image handling - Images can be saved in multiple formats, including .jpg, .gif, and .png. An attacker may be able to create a malicious image file that, if you view it, will allow him or her to stop affected programs or take control of your computer.
• Networking - Microsoft Windows uses networking to allow your computer to talk to printers and other computers. A vulnerability in Windows networking may allow an attacker to take control of your computer.

For more technical information, see US-CERT Technical Alert TA05-165A.

References

• US-CERT Technical Cyber Security Alert TA05-165A - <http://www.us-cert.gov/cas/techalerts/TA05-165A.html>
• Microsoft Security Bulletin Summary for June, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx>

Author: Mindi McDowell. Feedback can be directed to US-CERT.

Produced 2005 by US-CERT, a government organization. Terms of use

Revision History

June 14, 2005: Initial release