US-CERT Cyber Security Alert SA04-286A -- Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel

Home | FAQ | Contact | Privacy Policy | Unsubscribe from Alerts

National Cyber Alert System

Cyber Security Alert SA04-286A

Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel

Original release date: October 12, 2004
Last revised: October 13, 2004
Source: US-CERT

Systems Affected

Microsoft Windows
Microsoft Internet Explorer
Microsoft Excel, including Macintosh versions

Overview

By taking advantage of one or more vulnerabilities in Microsoft products, an attacker may be able to take control of your computer.

Solution

Apply updates

Microsoft has released security updates for a number of products, including Windows, Internet Explorer, and Excel. To obtain the updates, visit the Windows Update and Office Update web sites. US-CERT also recommends enabling Automatic Updates.

Description

There are vulnerabilities in multiple Microsoft products, including Windows, Internet Explorer, and Excel. Many of these vulnerabilities could allow an attacker to take control of your computer. In some cases, an attacker could exploit a vulnerability without any action from you. In other cases, you would need to open a malicious document such as a web site, email message, image, or Excel spreadsheet.

References

Windows Security Updates for October 2004 - <http://www.microsoft.com/security/bulletins/200410_windows.mspx>
Office Security Update for October 2004 - <http://www.microsoft.com/security/bulletins/200410_office.mspx>
Protect Your PC - <http://www.microsoft.com/protect/>

Feedback can be directed to US-CERT.

Revision History

October 12, 2004: Initial release
October 13, 2004: Added Office/Excel update link

Last updated October 12, 2004