From; US-CERT Alerts: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Alert SA05-102A Multiple Vulnerabilities in Microsoft Windows Components Original release date: April 12, 2005 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows Systems For a complete list of affected versions of the Windows operating systems and components, refer to the April 2005 Updates for Windows, MSN Messenger, and Office. Overview There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, MSN Messenger, and Word. Description There are vulnerabilities in Microsoft Windows, Internet Explorer, MSN Messenger, and Word that may allow an attacker to take control of your computer or cause it to crash. To exploit some of these vulnerabilities, an attacker may attempt to convince you to view a malicious web page, image, or Word document. For more technical information, see US-CERT Technical Alert TA05-102A. Resolution Apply an update Obtain the appropriate updates from Windows Update or by using Automatic Updates. Do not follow unsolicited links Do not click on unsolicited links received in email, instant messages, web forums, or chat rooms. While this is generally a good security practice, following this behavior will not prevent the exploitation of these vulnerabilities in all cases. Maintain updated anti-virus software Anti-virus software with updated virus definitions may identify and prevent some exploit attempts. Update your anti-virus software. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page. References * Microsoft Security Bulletin Summary for April, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx> * US-CERT Technical Cyber Security Alert TA05-102A - <http://www.us-cert.gov/cas/techalerts/TA05-102A.html> * US-CERT Vulnerability Note VU#774338 - <http://www.kb.cert.org/vuls/id/774338> * US-CERT Vulnerability Note VU#756122 - <http://www.kb.cert.org/vuls/id/756122> * US-CERT Vulnerability Note VU#222050 - <http://www.kb.cert.org/vuls/id/222050> * US-CERT Vulnerability Note VU#633446 - <http://www.kb.cert.org/vuls/id/633466> * US-CERT Vulnerability Note VU#233754 - <http://www.kb.cert.org/vuls/id/233754> * US-CERT Vulnerability Note VU#442567 - <http://www.kb.cert.org/vuls/id/442567> * US-CERT Vulnerability Note VU#752591 - <http://www.kb.cert.org/vuls/id/752591> _________________________________________________________________ Authors: Eric J. Hayes and Art Manion. Feedback can be directed to US-CERT. Send mail to <cert@xxxxxxxx>. Please include the subject line "SA05-102A Feedback VU#222050". _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ This document is available from <http://www.us-cert.gov/cas/alerts/SA05-102A.html> _________________________________________________________________ Revision History April 12, 2005: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQlxzNxhoSezw4YfQAQIA2gf9GlzquXm7kq75VmjMVRjn8Vri5yiaSdZQ qAv6NOLmgTXCh063pwIintChMq82rzuhnGYGwnaB/ELs1RzzrhENrOjdnSBdFk/Q Q5ZSPRLvEwBCWBS72ODsw5vmab3b7OqCTJ/NLlvoGwDbmd2YgR2h1fwxfUNHXNau eiahMtwCMIYnyJyTXxhCdCQXjD3LMCaFjkRWXOq9VaFMaex7FEnGLvwEToyV7aLp QWmEZnY1vnsTR+kUiwR4VmRdxEizPD0uNB4DxtVGGztBuZnbVsIZ88iXhKd1uTHY bykPk86/QQ+HsvjOfMeXELbOSDofa8sD+zcPO9I+qIXKosYPt4yPaw== =xTDx -----END PGP SIGNATURE----- *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member