Alert

Microsoft Updates for Multiple Vulnerabilities

Last Revised
Alert Code
TA06-346A

Systems Affected

  • Microsoft Windows
  • Microsoft Visual Studio
  • Microsoft Outlook Express
  • Microsoft Media Player
  • Microsoft Internet Explorer

Overview

Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Visual Studio, Microsoft Outlook Express,
Microsoft Media Player, and Microsoft Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service on a
vulnerable system.

Description

Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media
Player, and Microsoft Internet Explorer as part of the Microsoft
Security Bulletin Summary for December
2006
. The most severe vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause a denial
of service on a vulnerable system.

Updates for Office for Mac were accidentally released by Microsoft and
have since been retracted. More information can be found in the following Microsoft
Security Response Center Blog entry
.

Further information about the vulnerabilities addressed by these
updates is available in the Vulnerability
Notes
Database.

Impact

A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.

Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
December 2006 Security
Bulletins
. The Security Bulletins describe any known issues
related to the updates. Note any known issues described in the
Bulletins and test for any potentially adverse affects in your
environment.

System administrators may wish to consider using an automated patch
distribution system such as Windows Server Update Services
(WSUS).

References

Revision History

  • December 12, 2006: Initial release
    December 15, 2006: Replaced information about Mac updates with a reference to a Microsoft explanation about the error.

This product is provided subject to this Notification and this Privacy & Use policy.