-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-318A
Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash
Original release date: November 14, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Adobe Flash
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service on a
vulnerable system.
I. Description
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Internet Explorer, and Adobe Flash as part of the Microsoft
Security Bulletin Summary for November 2006. The most severe
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable
system. Microsoft has included updates to Adobe Flash, which is
installed with Internet Explorer.
Further information is available in the Vulnerability Notes Database.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.
III. Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the
November 2006 Security Bulletins. The Security Bulletins describe any
known issues related to the updates. Note any known issues described
in the Bulletins and test for any potentially adverse affects in your
environment.
System administrators may wish to consider using Windows Server Update
Services (WSUS).
IV. References
* US-CERT Vulnerability Notes for Microsoft November 2006 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-nov>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* Microsoft Security Bulletin Summary for November 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-318A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA06-318A Feedback VU#377369" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
November 14, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ
4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa
bRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ
geGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I
heEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh
Z0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg==
=K0Wj
-----END PGP SIGNATURE-----
