US-CERT Cyber Security Alert SA06-192A -- Microsoft Windows, Office, and IIS Vulnerabilities

National Cyber Alert System

Cyber Security Alert SA06-192A

Microsoft Windows, Office, and IIS Vulnerabilities

Original release date: July 11, 2006
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows
Microsoft Office
Microsoft Office for Mac
Microsoft Access
Microsoft Excel and Excel Viewer
Microsoft FrontPage
Microsoft Outlook
Microsoft PowerPoint
Microsoft Project
Microsoft Publisher
Microsoft Visio
Microsoft Word and Word Viewer

Overview

Critical vulnerabilities in Microsoft Windows and Microsoft Office may allow an attacker to take control of your computer.

Solution

Apply Update

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site. US-CERT also recommends enabling Automatic Updates.

Microsoft Office 2000 users must visit the Microsoft Office Update web site to get the appropriate updates.

Apple Mac OS X users should obtain updates from the Mactopia web site.

Description

Vulnerabilities in Microsoft Windows and Microsoft Office may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash.

For more technical information, see US-CERT Technical Alert TA06-192A.

References

Microsoft Security Bulletin Summary for July 2006 - <http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx>

Technical Cyber Security Alert TA06-167A - <http://www.us-cert.gov/cas/techalerts/TA06-167A.html>

US-CERT Vulnerability Notes for Microsoft Updates for July 2006 - <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-jul>

US-CERT Vulnerability Note VU#395588 - <http://www.kb.cert.org/vuls/id/395588>

US-CERT Vulnerability Note VU#189140 - <http://www.kb.cert.org/vuls/id/189140>

US-CERT Vulnerability Note VU#257164 - <http://www.kb.cert.org/vuls/id/257164>

US-CERT Vulnerability Note VU#802324 - <http://www.kb.cert.org/vuls/id/802324>

US-CERT Vulnerability Note VU#580036 - <http://www.kb.cert.org/vuls/id/580036>

US-CERT Vulnerability Note VU#609868 - <http://www.kb.cert.org/vuls/id/609868>

US-CERT Vulnerability Note VU#409316 - <http://www.kb.cert.org/vuls/id/409316>

US-CERT Vulnerability Note VU#459388 - <http://www.kb.cert.org/vuls/id/459388>

US-CERT Vulnerability Note VU#668564 - <http://www.kb.cert.org/vuls/id/668564>

CVE-2006-0026 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026>

CVE-2006-1314 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314>

CVE-2006-2372 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372>

CVE-2006-3059 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059>

CVE-2006-1316 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316>

CVE-2006-1540 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540>

CVE-2006-2389 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389>

CVE-2006-0033 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033>

CVE-2006-0007 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007>

Microsoft Update - <https://update.microsoft.com/microsoftupdate/>

Microsoft Office Update - <http://officeupdate.microsoft.com/>

Mactopia - <http://www.microsoft.com/mac/>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

July 11, 2006: Initial release

Last updated July 17, 2007

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting