From alerts@us-cert.gov Wed Aug 4 20:24:53 2004 From: US-CERT Alerts To: alerts@us-cert.gov Date: Fri, 30 Jul 2004 20:45:05 -0400 Subject: US-CERT Cyber Security Alert SA04-212A -- Multiple Vulnerabilities in Systems Running Microsoft Windows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Systems Running Microsoft Windows Original release date: July 30, 2004 Last revised: -- Source: US-CERT Systems Affected - Microsoft Windows systems; specifically, some versions of the following programs: * Microsoft Windows NT * Microsoft Windows 2000 * Microsoft Windows XP * Microsoft Windows Server 2003 * Microsoft Windows 98 * Microsoft Windows Millennium Edition * Microsoft Internet Explorer 5 * Microsoft Internet Explorer 6 Overview Microsoft has reported two vulnerabilities in the way Internet Explorer processes certain types of images. Attackers may be able to gain control of your machine if you view a malicious image, visit a web page, or open an email message that contains these images. Microsoft has also published an update to address the cross-domain vulnerability discussed in SA04-163A. This vulnerability may allow an attacker to alter a web site to point to a different location. If the attacker can convince you to visit the site, they may be able to gain control of your machine. Solution Apply a patch Microsoft has issued updates that resolve this problem. Obtain the appropriate update from Windows Update Use caution with email attachments Never open unexpected email attachments. Before opening an attachment, save it to a disk and scan it with anti-virus software. Make sure to turn off the option to automatically download attachments. View email messages in plain text Email programs like Outlook and Outlook Express interpret HTML code the same way that Internet Explorer does. Attackers may be able to take advantage of that by sending malicious HTML-formatted email messages. Maintain updated anti-virus software It is important that you use anti-virus software and keep it up to date. Most anti-virus software vendors frequently release updated information, tools, or virus databases to help detect and recover from virus infections. Many anti-virus packages support automatic updates of virus definitions. US-CERT recommends using these automatic updates when possible. Description In Microsoft Security Bulletin MS04-025, Microsoft describes a critical vulnerability in the way Internet Explorer processes .GIF and .BMP images. An attacker can use malicious images on a web page or in HTML-formatted email messages. If the attacker can convince a user to visit the web page, open the message, or otherwise view the image, the attacker may be able to gain control of the user's machine. There is also a vulnerability in the way Internet Explorer processes scripts. An attacker may be able to take advantage of frames to redirect users to a malicious web site. More technical information about this issue is available in TA04-212A and Microsoft Security Bulletin MS04-025. References * Windows Security Updates for July 2004 - * Multiple Remote Code Execution Vulnerabilities in Microsoft Internet Explorer - * Microsoft Security Bulletin MS04-025 - * US-CERT Computer Virus Resources - * Understanding Anti-Virus Software - * Using Caution with Email Attachments - * Home Network Security - * Home Computer Security -