[virusinfo] US-CERT Cyber Security Alert SA05-102A -- Multiple Vulnerabilities in Microsoft Windows Components

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Tue, 12 Apr 2005 19:37:33 -0700


From; US-CERT Alerts:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   Cyber Security Alert SA05-102A

      Multiple Vulnerabilities in Microsoft Windows Components


   Original release date: April 12, 2005
   Last revised: --
   Source: US-CERT


Systems Affected

   *  Microsoft Windows Systems
   
   For a complete list of affected versions of the Windows operating
   systems and components, refer to the April 2005 Updates for Windows,
   MSN Messenger, and Office.


Overview

     There are multiple vulnerabilities in Microsoft Windows, Internet
     Explorer, MSN Messenger, and Word.


Description

     There are vulnerabilities in Microsoft Windows, Internet Explorer,
     MSN Messenger, and Word that may allow an attacker to take control
     of your computer or cause it to crash. To exploit some of these
     vulnerabilities, an attacker may attempt to convince you to view a
     malicious web page, image, or Word document.

     For more technical information, see US-CERT Technical Alert
     TA05-102A.


Resolution

Apply an update

     Obtain the appropriate updates from Windows Update or by using
     Automatic Updates.

Do not follow unsolicited links

     Do not click on unsolicited links received in email, instant
     messages, web forums, or chat rooms. While this is generally a good
     security practice, following this behavior will not prevent the
     exploitation of these vulnerabilities in all cases.

Maintain updated anti-virus software

     Anti-virus software with updated virus definitions may identify and
     prevent some exploit attempts. Update your anti-virus software.
     More information about viruses and anti-virus vendors is available
     on the US-CERT Computer Virus Resources page.


References

     * Microsoft Security Bulletin Summary for April, 2005 -
       <http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>

     * US-CERT Technical Cyber Security Alert TA05-102A -
       <http://www.us-cert.gov/cas/techalerts/TA05-102A.html>

     * US-CERT Vulnerability Note VU#774338 -
       <http://www.kb.cert.org/vuls/id/774338>

     * US-CERT Vulnerability Note VU#756122 -
       <http://www.kb.cert.org/vuls/id/756122>

     * US-CERT Vulnerability Note VU#222050 -
       <http://www.kb.cert.org/vuls/id/222050>

     * US-CERT Vulnerability Note VU#633446 -
       <http://www.kb.cert.org/vuls/id/633466>

     * US-CERT Vulnerability Note VU#233754 -
       <http://www.kb.cert.org/vuls/id/233754>

     * US-CERT Vulnerability Note VU#442567 -
       <http://www.kb.cert.org/vuls/id/442567>

     * US-CERT Vulnerability Note VU#752591 -
       <http://www.kb.cert.org/vuls/id/752591>

     _________________________________________________________________

   Authors: Eric J. Hayes and Art Manion. Feedback can be directed to
   US-CERT. Send mail to <cert@xxxxxxxx>. Please include the subject
   line "SA05-102A Feedback VU#222050".
   _________________________________________________________________


   Copyright 2005 Carnegie Mellon University.

   Terms of use: <http://www.us-cert.gov/legal.html>

   _________________________________________________________________


   This document is available from

   <http://www.us-cert.gov/cas/alerts/SA05-102A.html>

   _________________________________________________________________


   Revision History

   April 12, 2005: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQlxzNxhoSezw4YfQAQIA2gf9GlzquXm7kq75VmjMVRjn8Vri5yiaSdZQ
qAv6NOLmgTXCh063pwIintChMq82rzuhnGYGwnaB/ELs1RzzrhENrOjdnSBdFk/Q
Q5ZSPRLvEwBCWBS72ODsw5vmab3b7OqCTJ/NLlvoGwDbmd2YgR2h1fwxfUNHXNau
eiahMtwCMIYnyJyTXxhCdCQXjD3LMCaFjkRWXOq9VaFMaex7FEnGLvwEToyV7aLp
QWmEZnY1vnsTR+kUiwR4VmRdxEizPD0uNB4DxtVGGztBuZnbVsIZ88iXhKd1uTHY
bykPk86/QQ+HsvjOfMeXELbOSDofa8sD+zcPO9I+qIXKosYPt4yPaw==
=xTDx
-----END PGP SIGNATURE-----

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member

Other related posts:

  • » [virusinfo] US-CERT Cyber Security Alert SA05-102A -- Multiple Vulnerabilities in Microsoft Windows Components
  1. Home
  2. virusinfo
  3. Archive
  4. 04-2005