Microsoft Internet Explorer Vulnerabilities
Original release date: December 13, 2005
Last revised: December 23, 2005
Source: US-CERT
Systems Affected
- Microsoft Windows
- Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for December 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in Internet Explorer.
Solution
Apply Updates
Microsoft has released security updates for Internet Explorer. To
obtain the updates, visit the Microsoft Update web site.
US-CERT also recommends enabling
Automatic Updates.
Disable ActiveX
Instructions for disabling ActiveX controls in the Internet Zone can be found in the Malicious Web Scripts FAQ. Note that disabling ActiveX will reduce the functionality of some web sites. For example, the Microsoft Update site will not work with ActiveX disabled. To enable ActiveX for a web site, add that site to the Trusted Sites Zone. To protect against future threats, consider disabling ActiveX as well as applying the December 2005 updates.
Do not follow unsolicited links
Do not click on unsolicited URLs received in email, instant messages, web forums, or internet relay chat (IRC) channels.
Description
Microsoft Security Bulletins for December 2005 address vulnerabilities in Internet Explorer. These vulnerabilities may allow an attacker to take control
of your computer or cause it to crash. For more technical information, see US-CERT
Technical Cyber Security Alert TA05-347A.
References
Feedback can be directed to the US-CERT Technical
Staff.
Produced 2005 by US-CERT, a government organization.
Terms of use
Revision History
December 13, 2005: Initial release, added workaround for ActiveX use in Trusted Sites Zone
December 23, 2005: Updated Solution to disable ActiveX and apply update
Mailing Lists & Feeds
Get Adobe Reader
US-CERT is part of the Department of Homeland Security