Copyright 2024 - CSIM - Asian Institute of Technology

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA06-346A -- Microsoft Updates for Multiple Vulnerabilities
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Tue, 12 Dec 2006 17:10:02 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        National Cyber Alert System

                 Technical Cyber Security Alert TA06-346A


Microsoft Updates for Multiple Vulnerabilities

   Original release date: December 12, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Visual Studio
     * Microsoft Outlook Express
     * Microsoft Media Player
     * Microsoft Internet Explorer
     * Microsoft Office 2004 for Mac
     * Microsoft Office v. X for Mac


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Microsoft Windows, Visual Studio, Microsoft Outlook Express,
   Microsoft Media Player, and Microsoft Internet Explorer. Exploitation
   of these vulnerabilities could allow a remote, unauthenticated
   attacker to execute arbitrary code or cause a denial of service on a
   vulnerable system.


I. Description

   Microsoft has released updates to address vulnerabilities in Microsoft
   Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media
   Player, and Microsoft Internet Explorer as part of the Microsoft
   Security Bulletin Summary for December 2006. The most severe
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code or cause a denial of service on a vulnerable
   system.

   Note that in addition to the regular monthly security bulletins,
   Microsoft has also published updates for the Apple Mac versions of
   Microsoft Office. See the references section of this document for more
   details.

   Further information is available in the Vulnerability Notes Database.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on a
   vulnerable system. An attacker may also be able to cause a denial of
   service.


III. Solution

Apply updates from Microsoft

   Microsoft has provided updates for these vulnerabilities in the
   December 2006 Security Bulletins. The Security Bulletins describe any
   known issues related to the updates. Note any known issues described
   in the Bulletins and test for any potentially adverse affects in your
   environment. System administrators may wish to consider using an
   automated patch distribution system such as Windows Server Update
   Services (WSUS).


IV. References

     * US-CERT Vulnerability Notes for Microsoft December 2006 updates -
       <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-dec>
     * Microsoft Security Bulletin Summary for December 2006 -
       <http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx>
     * Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
     * Windows Server Update Services -
       <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
     * Microsoft Office 2004 for Mac 11.3.1 Update -
       <http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/office2004/Office2004_11.3.1.xml>
     * Microsoft Office v. X for Mac Security Update (2006-12-12) -
       <http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/officex/OfficeX_12_12_2006.xml>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-346A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA06-346A Feedback VU#622008" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________
    
   Revision History

   December 12, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRX8nIuxOF3G+ig+rAQKLzAf+IYsKY+ZOZagoHjT+q0iTHi9lsLLkx1X3
HP1BlAI0v+rlMMghW+5qTnMKZHnKj8+CQIqCino0HQBfho4SLPrRlR0mdeELyy4G
lsIo+xs04pENJTE0ZVS9k6ip4psjedQZgnc/DOPP9YtVlxPbIeK97p8dpdgZM80X
KN5YXbaQkJZbnAxxQos3r2VVrIAwJWES4xANc5bZv7RS+zNsC35jfh9gQX9wVNIV
1LcMTkE8V7Qa664hEFc7RKWTmxe2NqL45H6MoYYskM0WMDrrJgQx03Zh38FexfLl
MRh+ZUa8YLTeklw+rcdU2LJ7ZsYIWMKzVjCOxG01DFsJkF5udQ7IrA==
=Y7c7
-----END PGP SIGNATURE-----
Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology