From alerts@us-cert.gov Wed Jul 14 18:14:32 2004 From: US-CERT Alerts To: alerts@us-cert.gov Date: Wed, 14 Jul 2004 16:55:05 -0400 Subject: US-CERT Cyber Security Alert SA04-196A -- Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Cyber Security Alert SA04-196A Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express Original release date: July 14, 2004 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows Systems Overview Microsoft has released a Security Bulletin Summary for July, 2004. There are several security bulletins released in this summary. I. Description Microsoft's Security Bulletin Summary for July, 2004 includes summaries of several bulletins that address vulnerabilities in various Windows applications and components. For more technical information, see US-CERT Technical Alert TA04-196A. II. Impact An attacker may be able to control your computer if these vulnerabilities are exploited. III. Solution Apply a patch Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update. Do not follow unsolicited links Do not click on unsolicited links received in email, instant messages, web forums, or chat rooms. While this is generally a good security practice, following this behavior will not prevent the exploitation of these vulnerabilities in all cases. Maintain updated anti-virus software Anti-virus software with updated virus definitions may identify and prevent some exploit attempts. Update your anti-virus software. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page. Appendix A. Vendor Information Specific information about the Security bulletins are available in the Security Bulletin Summary for July, 2004 and the US-CERT Vulnerability Notes for these issues. Appendix B. References * Microsoft's Security Bulletin Summary for July, 2004 - * US-CERT Technical Cyber Security Alert TA04-196A - * US-CERT Vulnerability Note VU#106324 - * US-CERT Vulnerability Note VU#187196 - * US-CERT Vulnerability Note VU#920060 - * US-CERT Vulnerability Note VU#228028 - * US-CERT Vulnerability Note VU#717748 - * US-CERT Vulnerability Note VU#647436 - * US-CERT Vulnerability Note VU#868580 - * US-CERT Vulnerability Note VU#869640 - * Increase Your Browsing and E-Mail Safety - * Working with Internet Explorer 6 Security Settings - _________________________________________________________________ This alert was created by Jason A. Rafail. Feedback can be directed to the Vulnerability Note authors: Jason A. Rafail, Jeff P. Lanza, Chad R. Dougherty, Damon G. Morda, and Art Manion. _________________________________________________________________ This document is available from: _________________________________________________________________ Copyright 2004 Carnegie Mellon University. Terms of use: _________________________________________________________________ Revision History July 14, 2004: Initial release Last updated July 14, 2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFA9ZtvXlvNRxAkFWARAnDjAJwJ7gCV6YRnmSsTtYmG6Dd7SaMjxwCggpwE 4lrQPmNkUrEeucI0ON3zTTw= =auPO -----END PGP SIGNATURE-----