From alerts@us-cert.gov Wed Oct 13 03:36:12 2004
From: US-CERT Alerts <alerts@us-cert.gov>
To: alerts@us-cert.gov
Date: Tue, 12 Oct 2004 17:18:44 -0400
Subject: US-CERT Cyber Security Alert SA04-286A -- Multiple Vulnerabilities
    in Microsoft Windows, Internet Explorer, and Excel 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                        National Cyber Alert System
                       Cyber Security Alert SA04-286A


Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel


   Original release date: October 12, 2004
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Internet Explorer
     * Microsoft Excel, including Macintosh versions


Overview

     By taking advantage of one or more vulnerabilities in Microsoft
     products, an attacker may be able to take control of your computer.


Solution

  Apply updates

     Microsoft has released security updates for a number of products,
     including Windows, Internet Explorer, and Excel. To obtain the
     updates, visit the Windows Update and Office Update web sites.
     US-CERT also recommends enabling Automatic Updates.


Description

     There are vulnerabilities in multiple Microsoft products, including
     Windows, Internet Explorer, and Excel. Many of these
     vulnerabilities could allow an attacker to take control of your
     computer. In some cases, an attacker could exploit a vulnerability
     without any action from you. In other cases, you would need to open
     a malicious document such as a web site, email message, image, or
     Excel spreadsheet.


References

     * Windows Security Updates for October 2004 -
       <http://www.microsoft.com/security/bulletins/200410_windows.mspx>

     * Protect Your PC - <http://www.microsoft.com/protect/>

     _________________________________________________________________


   Feedback can be directed to US-CERT at <cert@cert.org>.  Please
   include the subject line "SA04-286A Feedback INFO#580012".

     _________________________________________________________________


   This document is available from:

      <http://www.us-cert.gov/cas/alerts/SA04-196A.html>

     _________________________________________________________________


   Copyright 2004 Carnegie Mellon University.

   Terms of use: <http://www.us-cert.gov/legal.html>

     _________________________________________________________________


   Revision History

   October 12, 2004: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQWxIXRhoSezw4YfQAQKOqQf9Hk6nZ1+48VtKQxnp/G8inbih2LduPRtI
7HxdWWpMPgOcyYQ79KuxZ/R/KZLoWrvjWQdkkSg5CidCRq5h220L9bYlAixlBIOc
Z5xKl8f6rR0AU3VyCnsFMcdlP6H1lsPw/e454r9EMpc4vx5eSrG7JE9PHH+aOVjF
PkiZWCiQHlWRNdLFkjK+8qUff28I5oxz7g+SP7v93tkgyemuXNQS50EsebK2R0DG
yUYUZxBG5rYCi6cfwpNdWYl4w4syovsKMpXKOLmYCDduBZ/e3Cotcedq3XP69ijQ
L6MGMbmF7sH3OBv05iVjvTEyUOgpEvaoUqelMbfDKSLoUk6Tk3usiw==
=wcl5
-----END PGP SIGNATURE-----