From alerts@us-cert.gov Wed Oct 13 03:36:12 2004 From: US-CERT Alerts To: alerts@us-cert.gov Date: Tue, 12 Oct 2004 17:18:44 -0400 Subject: US-CERT Cyber Security Alert SA04-286A -- Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Cyber Security Alert SA04-286A Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel Original release date: October 12, 2004 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Internet Explorer * Microsoft Excel, including Macintosh versions Overview By taking advantage of one or more vulnerabilities in Microsoft products, an attacker may be able to take control of your computer. Solution Apply updates Microsoft has released security updates for a number of products, including Windows, Internet Explorer, and Excel. To obtain the updates, visit the Windows Update and Office Update web sites. US-CERT also recommends enabling Automatic Updates. Description There are vulnerabilities in multiple Microsoft products, including Windows, Internet Explorer, and Excel. Many of these vulnerabilities could allow an attacker to take control of your computer. In some cases, an attacker could exploit a vulnerability without any action from you. In other cases, you would need to open a malicious document such as a web site, email message, image, or Excel spreadsheet. References * Windows Security Updates for October 2004 - * Protect Your PC - _________________________________________________________________ Feedback can be directed to US-CERT at . Please include the subject line "SA04-286A Feedback INFO#580012". _________________________________________________________________ This document is available from: _________________________________________________________________ Copyright 2004 Carnegie Mellon University. Terms of use: _________________________________________________________________ Revision History October 12, 2004: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQWxIXRhoSezw4YfQAQKOqQf9Hk6nZ1+48VtKQxnp/G8inbih2LduPRtI 7HxdWWpMPgOcyYQ79KuxZ/R/KZLoWrvjWQdkkSg5CidCRq5h220L9bYlAixlBIOc Z5xKl8f6rR0AU3VyCnsFMcdlP6H1lsPw/e454r9EMpc4vx5eSrG7JE9PHH+aOVjF PkiZWCiQHlWRNdLFkjK+8qUff28I5oxz7g+SP7v93tkgyemuXNQS50EsebK2R0DG yUYUZxBG5rYCi6cfwpNdWYl4w4syovsKMpXKOLmYCDduBZ/e3Cotcedq3XP69ijQ L6MGMbmF7sH3OBv05iVjvTEyUOgpEvaoUqelMbfDKSLoUk6Tk3usiw== =wcl5 -----END PGP SIGNATURE-----