From; US-CERT Alerts: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Microsoft Windows and Internet Explorer Vulnerabilities Original release date: June 14, 2005 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows and various Microsoft products, including Internet Explorer Overview By taking advantage of vulnerabilities in various Microsoft products, an attacker may be able to stop affected programs or take control of your computer. Microsoft has released updates to address these issues. Solution Install Updates Microsoft has released security updates for Windows and Internet Explorer. To obtain the updates, visit the Windows Update web site. US-CERT also recommends enabling Automatic Updates. Description There are problems with various Microsoft applications and features: * Help system - The HTML Help system is used by many Microsoft Windows applications. An attacker may be able to create a malicious help file that may allow him or her to gain control of your computer. * Image handling - Images can be saved in multiple formats, including .jpg, .gif, and .png. An attacker may be able to create a malicious image file that, if you view it, will allow him or her to stop affected programs or take control of your computer. * Networking - Microsoft Windows uses networking to allow your computer to talk to printers and other computers. A vulnerability in Windows networking may allow an attacker to take control of your computer. For more technical information, see US-CERT Technical Alert TA05-165A. References * US-CERT Technical Cyber Security Alert TA05-165A - <http://www.us-cert.gov/cas/techalerts/TA05-165A.html> * Microsoft Security Bulletin Summary for June, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx> _________________________________________________________________ Author: Mindi McDowell. Feedback can be directed to US-CERT. _________________________________________________________________ Revision History June 14, 2005: Initial release _________________________________________________________________ This document is available from: <http://www.us-cert.gov/cas/alerts/SA05-165A.html> Produced 2005 by US-CERT, a government organization. Terms of use <http://www.us-cert.gov/legal.html> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQq90xhhoSezw4YfQAQI3iQf9Fe842rAMCL5LdBqRxBMqbqCbWwvSsAJc oalk3vNHE1LI/MsQ76NT2NzYLQ78SZ+J03U9MzFZd/s5aJg0Wi80WRDsxLu2APn/ KkepDeVFOP1Dt/V/j4nGnVc+9D7n4R/1v39AV6S0RW5d6qDLJrGoO2hkBcf63Ow2 uzr/nWPnfl0ZWs0xbOX66RoiYpu8ZuRLAnOvpKY2YiJ3a+aVaiP2jzu0E4GD1Qhs zoyB9FJG0SwyjokyQEft3B7VFHwbetoV5gfu93rV9pa2kF27iCZ6tTm1X7SnTxjk VS6q24Qo2+j67uADIRZU7Mo4Ut7SeDbJ/BgQ2nv2Lo/+QvXFw4rSEQ== =8A8x -----END PGP SIGNATURE----- *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member