US-CERT Cyber Security Alert SA05-012A -- Multiple Vulnerabilities in Microsoft Windows

National Cyber Alert System

Cyber Security Alert SA05-012A

Multiple Vulnerabilities in Microsoft Windows

Original release date: January 12, 2005
Last revised: --
Source: US-CERT

Systems Affected

Windows 98, Me, 2000, XP, and Server 2003

Internet Explorer 5.x and 6.x

Other Windows programs that use MSHTML

Overview

An attacker may be able to take control of your computer by taking advantage of two different vulnerabilities in Internet Explorer and Windows.

Description

There is a vulnerability in the way Internet Explorer processes certain HTML code. There is also a vulnerability in the way Microsoft Windows handles certain images. By exploiting either vulnerability, an attacker may be able to take control of your computer.

Reports indicate that one of these vulnerabilities is being exploited by malicious code referred to as Phel.

Resolution

Apply an update

Install the updates as described in Microsoft Security Bulletins MS05-001 and MS05-002. Obtain the appropriate updates from Windows Update or by using Automatic Updates.

References

US-CERT Technical Alert TA05-012A - <http://www.us-cert.gov/cas/techalerts/TA05-012A.html>

US-CERT Technical Alert TA05-012B - <http://www.us-cert.gov/cas/techalerts/TA05-012B.html>

Vulnerability Note VU#972415 - <http://www.kb.cert.org/vuls/id/972415>

Vulnerability Note VU#625856 - <http://www.kb.cert.org/vuls/id/625856>

Author: Michael D. Durkota

Revision History

January 12, 2005: Initial release

Last updated February 11, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting