From alerts@us-cert.gov Fri Feb 13 02:27:23 2004 From: US-CERT To: US-CERT-Community: ; Date: Tue, 10 Feb 2004 18:48:18 -0500 Subject: US-CERT Cyber Security Alert SA04-041A -- Multiple Vulnerabilities in Microsoft Windows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Microsoft Windows Original release date: February 10, 2004 Last revised: -- Source: US-CERT Systems Affected Systems running Microsoft Windows Overview Microsoft Windows contains multiple vulnerabilities, the most serious of which could allow attackers to take control of your computer. Description Microsoft's updated Home User Security Bulletin for February 2004 describes more vulnerabilities in the Microsoft Windows operating system. Microsoft is tracking these issues as Security Update 828028. It is unclear at this time how many different ways your computer can be compromised using these vulnerabilities, so we recommend you apply the updates below as soon as possible. A technical description of these vulnerabilities is available from US-CERT in TA04-041A and from Microsoft in MS04-007. Resolution Apply a patch Microsoft has released a home user bulletin describing how to determine what patches you will need and how to get them. Follow the procedures outlined in Microsoft's updated Home User Security Bulletin for February 2004. For additional information, and to receive updates on this alert, go to http://www.us-cert.gov/cas/alerts/SA04-041A.html References * US-CERT Technical Alert TA04-041A - * Microsoft's Updated Home User Security Bulletin for February 2004 - * Microsoft Security Bulletin MS04-007 - * Microsoft Knowledge Base Article 828028: An ASN.1 vulnerability could allow code execution - _________________________________________________________________ This document is available from _________________________________________________________________ Copyright 2004 Carnegie Mellon University. Revision History February 10, 2004: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAKWqWXlvNRxAkFWARAshWAJ9w+tmUsN6Ak1cduMM2PzkYnXOqKACg2dny /066jstMl6rfyY/lG3CtyYk= =ztpo -----END PGP SIGNATURE-----