US-CERT Cyber Security Alert SA06-346A -- Vulnerabilities in Microsoft Products

National Cyber Alert System

Cyber Security Alert SA06-346A

Vulnerabilities in Microsoft Products

Original release date: December 12, 2006
Last revised: December 15, 2006
Source: US-CERT

Systems Affected

Microsoft Windows
Microsoft Visual Studio
Microsoft Outlook Express
Microsoft Media Player
Microsoft Internet Explorer

Overview

Vulnerabilities in Microsoft Windows and Visual Studio could allow an attacker to gain control of your computer.

Solution

Apply Update

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site. We also recommend enabling Automatic Updates.

Description

Vulnerabilities in Microsoft Windows, Visual Studio, Outlook Express, Media Player, and Internet Explorer may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. An attacker could exploit these vulnerabilities by using specially crafted network traffic, or by convincing you to view a specially crafted web site or HTML email message.

For more technical information, see US-CERT Technical Alert TA06-346A.

References

Technical Alert TA06-346A - <http://www.us-cert.gov/cas/techalerts/TA06-346A.html>

Vulnerability Notes for Microsoft December 2006 updates - <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-dec>

Microsoft Security Essentials - <http://www.microsoft.com/protect/>

Microsoft security updates for December 2006 - <http://www.microsoft.com/athome/security/update/bulletins/200612.mspx>

Microsoft Update - <https://update.microsoft.com/microsoftupdate/>

Microsoft Automatic Updates - <http://www.microsoft.com/athome/security/update/msupdate_keep_current.mspx#EZB>

Information from Microsoft regarding accidental release of security updates for Office products for Mac - <http://blogs.technet.com/msrc/archive/2006/12/13/information-on-accidental-posting-of-pre-release-security-updates-for-office-for-mac.aspx>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

December 12, 2006: Initial release
December 15, 2006: Replaced information about Mac updates with a reference to a Microsoft explanation about the error.

Last updated December 15, 2006

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting