US-CERT Cyber Security Alert SA04-212A -- Multiple Vulnerabilities in Systems Running Microsoft Windows

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Systems Running Microsoft Windows

   Original release date: July 30, 2004
   Last revised: --
   Source: US-CERT

Systems Affected

   - Microsoft Windows systems; specifically, some versions of the
     following programs:
        * Microsoft Windows NT
        * Microsoft Windows 2000
        * Microsoft Windows XP
        * Microsoft Windows Server 2003
        * Microsoft Windows 98
        * Microsoft Windows Millennium Edition
        * Microsoft Internet Explorer 5
        * Microsoft Internet Explorer 6

Overview

   Microsoft has reported two vulnerabilities in the way Internet
   Explorer processes certain types of images. Attackers may be able
   to gain control of your machine if you view a malicious image,
   visit a web page, or open an email message that contains these
   images.

   Microsoft has also published an update to address the cross-domain
   vulnerability discussed in SA04-163A. This vulnerability may allow
   an attacker to alter a web site to point to a different location.
   If the attacker can convince you to visit the site, they may be
   able to gain control of your machine.

Solution

Apply a patch

   Microsoft has issued updates that resolve this problem. Obtain the
   appropriate update from Windows Update.

Use caution with email attachments

   Never open unexpected email attachments. Before opening an
   attachment, save it to a disk and scan it with anti-virus software.
   Make sure to turn off the option to automatically download
   attachments.

View email messages in plain text

   Email programs like Outlook and Outlook Express interpret HTML code
   the same way that Internet Explorer does. Attackers may be able to
   take advantage of that by sending malicious HTML-formatted email
   messages.

Maintain updated anti-virus software

   It is important that you use anti-virus software and keep it up to
   date. Most anti-virus software vendors frequently release updated
   information, tools, or virus databases to help detect and recover
   from virus infections. Many anti-virus packages support automatic
   updates of virus definitions. US-CERT recommends using these
   automatic updates when possible.

Description

   In Microsoft Security Bulletin MS04-025, Microsoft describes a
   critical vulnerability in the way Internet Explorer processes .GIF
   and .BMP images. An attacker can use malicious images on a web page
   or in HTML-formatted email messages. If the attacker can convince a
   user to visit the web page, open the message, or otherwise view the
   image, the attacker may be able to gain control of the user's
   machine.

   There is also a vulnerability in the way Internet Explorer
   processes scripts. An attacker may be able to take advantage of
   frames to redirect users to a malicious web site.

   More technical information about this issue is available in
   TA04-212A and Microsoft Security Bulletin MS04-025.

References

   * Windows Security Updates for July 2004 -
     http://www.microsoft.com/security/bulletins/200407_windows.mspx
   * Multiple Remote Code Execution Vulnerabilities in Microsoft
     Internet Explorer -
     http://www.us-cert.gov/cas/techalerts/TA04-212A.html
   * Microsoft Security Bulletin MS04-025 -
     http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx
   * US-CERT Computer Virus Resources -
     http://www.us-cert.gov/other_sources/viruses.html
   * Understanding Anti-Virus Software -
     http://www.us-cert.gov/cas/tips/ST04-005.html
   * Using Caution with Email Attachments -
     http://www.us-cert.gov/cas/tips/ST04-010.html
   * Home Network Security -
     http://www.cert.org/tech_tips/home_networks.html
   * Home Computer Security -
     http://www.cert.org/homeusers/HomeComputerSecurity/
   _________________________________________________________________

   Author: Mindi McDowell. Feedback can be directed to the US-CERT
   Technical Staff.
   _________________________________________________________________

   Copyright 2004 Carnegie Mellon University.

   Revision History

   July 30, 2004: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBCuWXXlvNRxAkFWARAnajAKC4GTaFQRkTT3QIa85wHyLl3hDGIwCgmmDo
MLxGp6us3L4yzOtfzWsCEBg=
=r9CV
-----END PGP SIGNATURE-----