From alerts@us-cert.gov Wed Jan 12 23:22:16 2005 From: US-CERT Alerts To: alerts@us-cert.gov Date: Wed, 12 Jan 2005 23:02:42 -0500 Subject: US-CERT Cyber Security Alert SA05-012A -- Multiple Vulnerabilities in Microsoft Windows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Alert SA05-012A Multiple Vulnerabilities in Microsoft Windows Original release date: January 12, 2005 Last revised: -- Source: US-CERT Systems Affected * Windows 98, Me, 2000, XP, and Server 2003 * Internet Explorer 5.x and 6.x * Other Windows programs that use MSHTML Overview An attacker may be able to take control of your computer by taking advantage of two different vulnerabilities in Internet Explorer and Windows. Description There is a vulnerability in the way Internet Explorer processes certain HTML code. There is also a vulnerability in the way Microsoft Windows handles certain images. By exploiting either vulnerability, an attacker may be able to take control of your computer. Reports indicate that one of these vulnerabilities is being exploited by malicious code referred to as Phel. Resolution Apply an update Install the updates as described in Microsoft Security Bulletins MS05-001 and MS05-002. Obtain the appropriate updates from Windows Update or by using Automatic Updates. References * US-CERT Technical Alert TA05-012A - * US-CERT Technical Alert TA05-012B - * Vulnerability Note VU#972415 - * Vulnerability Note VU#625856 - _________________________________________________________________ Author: Michael D. Durkota Feedback can be directed to US-CERT. Send mail to . Please include the subject line "SA05-012A Feedback VU#972415 VU#625856". _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use: _________________________________________________________________ The latest version of this document is available at: _________________________________________________________________ Revision History January 12, 2005: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQeXybRhoSezw4YfQAQLJ2wf9Gle3aK0uZP1wxMNXYUE3RHLiCDBzzu8V ttprKuRz2049vIX8RotuwNjzSXct+afzjHDEoXpCfPGxjJgxvy7oKmcxmSD7gfl7 GRsC0/zgz83nd4fQoR193m4CqWQ8hswJ5VsEbVQdiwYTxxvFPjNS8rd2jC/0UX+W KNFpOGSQUuVbas0FeI/Oq6dScPC7f82LlSbui7Em1dW4CKbK9hZvLWGllp7gVu4Q as0E7Kk9COZ+Byi11DpgwesAQ3mweuSdGDeEfgjD6+lIFhfYyLTKkAvsU2pY4dHV Ztz7uOVXad53ogGntAg9GP49xpIW3W/s0PPXLA8Svgb589RNoecp+w== =OHid -----END PGP SIGNATURE-----