US-CERT Cyber Security Alert SA06-283A -- Microsoft Updates for Vulnerabilities in Windows, Office, and Internet Explorer

National Cyber Alert System

Cyber Security Alert SA06-283A

Microsoft Updates for Vulnerabilities in Windows, Office, and Internet Explorer

Original release date: October 10, 2006
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows
Microsoft Office
Microsoft Internet Explorer

Overview

Vulnerabilities in Microsoft Windows, Internet Explorer, and Office could allow an attacker to gain control of your computer.

Solution

Apply Update

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site. US-CERT also recommends enabling Automatic Updates.

Microsoft Office 2000 users must visit the Microsoft Office Update web site to get the appropriate updates.

Apple Mac OS X users should obtain updates from the Mactopia web site.

Do not open untrusted documents

Do not open unfamiliar or unexpected Office documents, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.

Description

Vulnerabilities in Microsoft Windows, Internet Explorer, and Office may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. An attacker could exploit these vulnerabilities by using specially crafted network traffic, by convincing you to click on a specially crafted URL, or by convincing you to open a specially crafted Office document. An Office document could be attached to an email message, hosted on a web site, or included in another Office document.

For more technical information, see US-CERT Technical Alert TA06-283A.

References

US-CERT Technical Alert TA06-283A - <http://www.us-cert.gov/cas/techalerts/TA06-283A.html>

US-CERT Vulnerability Notes for Microsoft October 2006 updates - <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-oct>

Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
Using Caution with Email Attachments - <http://www.us-cert.gov/cas/tips/ST04-010.html>

Microsoft Security Essentials - <http://www.microsoft.com/protect/>

Microsoft security updates for October 2006 - <http://www.microsoft.com/athome/security/update/bulletins/200610.mspx>

Microsoft Update - <https://update.microsoft.com/microsoftupdate/>

Microsoft Office Update - <http://officeupdate.microsoft.com/>

Mactopia - <http://www.microsoft.com/mac/>

Microsoft Automatic Updates - <http://www.microsoft.com/athome/security/update/msupdate_keep_current.mspx#EZB>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

October 10, 2006: Initial release

Last updated October 10, 2006

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory