Microsoft Windows, Office, and IIS Vulnerabilities

Systems Affected

• Microsoft Windows
• Microsoft Office
• Microsoft Office for Mac
• Microsoft Access
• Microsoft Excel and Excel Viewer
• Microsoft FrontPage
• Microsoft Outlook
• Microsoft PowerPoint
• Microsoft Project
• Microsoft Publisher
• Microsoft Visio
• Microsoft Word and Word Viewer

Overview

Critical vulnerabilities in Microsoft Windows and Microsoft Office may allow an attacker to take control of your computer.

Solution

Apply Update

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site. US-CERT also recommends enabling Automatic Updates.

Microsoft Office 2000 users must visit the Microsoft Office Update web site to get the appropriate updates.

Apple Mac OS X users should obtain updates from the Mactopia web site.

Description

Vulnerabilities in Microsoft Windows and Microsoft Office may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash.

For more technical information, see US-CERT Technical Alert TA06-192A.

References

• Microsoft Security Bulletin Summary for July 2006 - <http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx>
• Technical Cyber Security Alert TA06-167A - <http://www.us-cert.gov/cas/techalerts/TA06-167A.html>
• US-CERT Vulnerability Notes for Microsoft Updates for July 2006 - <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-jul>
• US-CERT Vulnerability Note VU#395588 - <http://www.kb.cert.org/vuls/id/395588>
• US-CERT Vulnerability Note VU#189140 - <http://www.kb.cert.org/vuls/id/189140>
• US-CERT Vulnerability Note VU#257164 - <http://www.kb.cert.org/vuls/id/257164>
• US-CERT Vulnerability Note VU#802324 - <http://www.kb.cert.org/vuls/id/802324>
• US-CERT Vulnerability Note VU#580036 - <http://www.kb.cert.org/vuls/id/580036>
• US-CERT Vulnerability Note VU#609868 - <http://www.kb.cert.org/vuls/id/609868>
• US-CERT Vulnerability Note VU#409316 - <http://www.kb.cert.org/vuls/id/409316>
• US-CERT Vulnerability Note VU#459388 - <http://www.kb.cert.org/vuls/id/459388>
• US-CERT Vulnerability Note VU#668564 - <http://www.kb.cert.org/vuls/id/668564>
• CVE-2006-0026 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026>
• CVE-2006-1314 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314>
• CVE-2006-2372 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372>
• CVE-2006-3059 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059>
• CVE-2006-1316 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316>
• CVE-2006-1540 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540>
• CVE-2006-2389 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389>
• CVE-2006-0033 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033>
• CVE-2006-0007 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007>
• Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
• Microsoft Office Update - <http://officeupdate.microsoft.com/>
• Mactopia - <http://www.microsoft.com/mac/>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

July 11, 2006: Initial release