From alerts@us-cert.gov Fri Jul  2 18:48:37 2004
From: US-CERT Alerts <alerts@us-cert.gov>
To: alerts@us-cert.gov
Date: Fri, 2 Jul 2004 18:11:46 -0400
Subject: US-CERT Cyber Security Alert SA04-184A -- Important Internet
    Explorer Update Available 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Cyber Security Alert SA04-184A

Important Internet Explorer Update Available

   Original release date: July 2, 2004
   Last revised: --
   Source: US-CERT


Systems Affected

     Systems running Internet Explorer and Microsoft Windows


Overview

     Microsoft has released an important security update for Internet
     Explorer (IE). This update greatly reduces the impact of attacks
     against several vulnerabilities in IE.


Description

     Several vulnerabilities in IE could allow a malicious web site or
     HTML email message to install software on your computer. This
     software could be used to steal sensitive financial information or
     perform other actions. Recent incident activity has been referred to
     as Download.Ject, JS.Scob.Trojan, Scob, and JS.Toofeer.

     Microsoft has released a security update for IE that provides
     increased protection against this type of attack. Note that this
     update may not prevent attacks in all cases.


Resolution

Install Critical Update

     US-CERT recommends that users install the update from the Microsoft
     Download Center (KB870669) or the Windows Update web site.

Increase IE Security Settings

     In addition, US-CERT strongly recommends that users modify IE
     security settings according to the instructions in the Malicious
     Web Scripts FAQ.

Further information is available from Microsoft in What You Should
Know About Download.Ject.


References

     * US-CERT Technical Alert TA04-184A -
       <http://www.us-cert.gov/cas/techalerts/TA04-184A.html>

     * US-CERT Technical Alert TA04-163A -
       <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>

     * US-CERT Vulnerability Note VU#713878 -
       <http://www.kb.cert.org/vuls/id/713878>

     * Malicious Web Scripts FAQ -
       <http://www.cert.org/tech_tips/malicious_code_FAQ.html>

     * What You Should Know About Download.Ject -
       <http://www.microsoft.com/security/incident/download_ject.mspx>

     * Increase Your Browsing and E-Mail Safety -
       <http://www.microsoft.com/security/incident/settings.mspx>

     * Working with Internet Explorer 6 Security Settings -
       <http://www.microsoft.com/windows/ie/using/howto/security/settings
       .mspx>

     _________________________________________________________________


   Author: Art Manion

   Please send feedback to <mailto:cert@cert.org>.

   Please include the Subject field "SA04-184A Feedback VU#713878".

     _________________________________________________________________


   Copyright 2004 Carnegie Mellon University.

   Terms of use:  <http://www.us-cert.gov/legal.html>

     _________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA04-184A.html>

     _________________________________________________________________


   Revision History

   July 2, 2004: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFA5dRjXlvNRxAkFWARAgs7AJ9lLyZM5UCLKHHt6e5UqwncpMmOzwCfb5Jc
i3gWFCJ4xcUw62thu6taO7o=
=VQNs
-----END PGP SIGNATURE-----