US-CERT Cyber Security Alert SA07-009A -- Microsoft Updates for Multiple Vulnerabilities

National Cyber Alert System

Cyber Security Alert SA07-009A

Microsoft Updates for Multiple Vulnerabilities

Original release date: January 9, 2007
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Excel for Windows and Mac OS X

Overview

Vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel could allow an attacker to gain control of your computer.

Solution

Apply Update

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site. We also recommend enabling Automatic Updates.

Users of Office for Mac OS X should obtain updates from the Mactopia website.

Description

Vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. An attacker could exploit these vulnerabilities by using specially crafted network traffic, or by convincing you to view a specially crafted Office document.

For more technical information, see US-CERT Technical Alert TA07-009A.

References

Technical Alert TA07-009A - <http://www.us-cert.gov/cas/techalerts/TA07-009A.html>

Vulnerability Notes for Microsoft January 2007 updates - <http://www.kb.cert.org/vuls/byid?searchview&query=ms07-jan>

Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
Using Caution with Email Attachments - <http://www.us-cert.gov/cas/tips/ST04-010.html>

Microsoft Security Essentials - <http://www.microsoft.com/protect/>

Microsoft security updates for January 2007 - <http://www.microsoft.com/athome/security/update/bulletins/200701.mspx>

Microsoft Update - <https://update.microsoft.com/microsoftupdate/>

Microsoft Office Update - <http://officeupdate.microsoft.com/>

Mactopia - <http://www.microsoft.com/mac/>

Microsoft Automatic Updates - <http://www.microsoft.com/athome/security/update/msupdate_keep_current.mspx#EZB>

Feedback can be directed to US-CERT.

Produced 2007 by US-CERT, a government organization. Terms of use

Revision History

January 9, 2007: Initial release

Last updated January 09, 2007

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting