[SECURITY-L] US-CERT Technical Cyber Security Alert TA06-346A -- Microsoft Updates for Multiple Vulnerabilities
CSIRT - UNICAMP
security em unicamp.br
Qui Dez 14 09:27:25 -02 2006
----- Forwarded message from US-CERT Technical Alerts <technical-alerts em us-cert.gov> -----
From: US-CERT Technical Alerts <technical-alerts em us-cert.gov>
Subject: US-CERT Technical Cyber Security Alert TA06-346A -- Microsoft Updates for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 12 Dec 2006 17:07:18 -0500
Organization: US-CERT - +1 202-205-5266
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-346A
Microsoft Updates for Multiple Vulnerabilities
Original release date: December 12, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Visual Studio
* Microsoft Outlook Express
* Microsoft Media Player
* Microsoft Internet Explorer
* Microsoft Office 2004 for Mac
* Microsoft Office v. X for Mac
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Visual Studio, Microsoft Outlook Express,
Microsoft Media Player, and Microsoft Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service on a
vulnerable system.
I. Description
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media
Player, and Microsoft Internet Explorer as part of the Microsoft
Security Bulletin Summary for December 2006. The most severe
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable
system.
Note that in addition to the regular monthly security bulletins,
Microsoft has also published updates for the Apple Mac versions of
Microsoft Office. See the references section of this document for more
details.
Further information is available in the Vulnerability Notes Database.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.
III. Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the
December 2006 Security Bulletins. The Security Bulletins describe any
known issues related to the updates. Note any known issues described
in the Bulletins and test for any potentially adverse affects in your
environment. System administrators may wish to consider using an
automated patch distribution system such as Windows Server Update
Services (WSUS).
IV. References
* US-CERT Vulnerability Notes for Microsoft December 2006 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-dec>
* Microsoft Security Bulletin Summary for December 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
* Microsoft Office 2004 for Mac 11.3.1 Update -
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/office2004/Office2004_11.3.1.xml>
* Microsoft Office v. X for Mac Security Update (2006-12-12) -
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/officex/OfficeX_12_12_2006.xml>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-346A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert em cert.org> with "TA06-346A Feedback VU#622008" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
December 12, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRX8nIuxOF3G+ig+rAQKLzAf+IYsKY+ZOZagoHjT+q0iTHi9lsLLkx1X3
HP1BlAI0v+rlMMghW+5qTnMKZHnKj8+CQIqCino0HQBfho4SLPrRlR0mdeELyy4G
lsIo+xs04pENJTE0ZVS9k6ip4psjedQZgnc/DOPP9YtVlxPbIeK97p8dpdgZM80X
KN5YXbaQkJZbnAxxQos3r2VVrIAwJWES4xANc5bZv7RS+zNsC35jfh9gQX9wVNIV
1LcMTkE8V7Qa664hEFc7RKWTmxe2NqL45H6MoYYskM0WMDrrJgQx03Zh38FexfLl
MRh+ZUa8YLTeklw+rcdU2LJ7ZsYIWMKzVjCOxG01DFsJkF5udQ7IrA==
=Y7c7
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L