Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2006 > Technical Cyber Security Alert: TA06-255A - Microsoft Windows and Publisher Vulnerabilities

September 2006

Technical Cyber Security Alert: TA06-255A - Microsoft Windows and Publisher Vulnerabilities

ID: 00616
Ref: 591/2006
Date: 13 September 2006:14:23:12
Version: 1
Title: Technical Cyber Security Alert: TA06-255A - Microsoft Windows and Publisher Vulnerabilities
Abstract: Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Publisher as part of the Microsoft Security Bulletin Summary for September 2006.
Vendors affected: US-CERT
Operating systems affected: US-CERT
Applications affected: US-CERT
Title
=====

Technical Cyber Security Alert: TA06-255A - Microsoft Windows and Publisher Vulnerabilities

Detail
======

Microsoft has released updates to address vulnerabilities in Microsoft
Windows and Microsoft Publisher as part of the Microsoft Security Bulletin
Summary for September 2006.

FOR IMMEDIATE PUBLIC RELEASE


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-255A


Microsoft Windows and Publisher Vulnerabilities
Original release date: September 12, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Publisher


Overview

Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows and Microsoft
Publisher. Exploitation of these vulnerabilities could allow a
remote, unauthenticated attacker to execute arbitrary code or cause
a denial of service on a vulnerable system.


I. Description

Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Publisher as part of the Microsoft
Security Bulletin Summary for September 2006.

Further information will be available in the following
Vulnerability Notes.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system. An attacker may also be able to cause a denial
of service.


III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
September 2006 Security Bulletins. The security bulletins describe
any known issues related to the updates. Note any known issues
described in the bulletins and test for any potentially adverse
affects in your environment.

Updates for Microsoft Windows and Microsoft Office XP and later are
available on the Microsoft Update site. Microsoft Office 2000
updates are available on the Microsoft Office Update site.

System administrators may wish to consider using Windows Server
Update Services (WSUS).


References

* US-CERT Vulnerability Notes for Microsoft September 2006 updates -


* Microsoft Security Bulletin Summary for September 2006 -


* Microsoft Update -

* Microsoft Office Update -

* Windows Server Update Services -
lt.mspx>


____________________________________________________________________

The most recent version of this document can be found at:


____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA06-255A Feedback VU#406236" in the
subject.


Produced 2006 by US-CERT, a government organization.

Terms of use:

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |