Microsoft Windows and Publisher Vulnerabilities

• Microsoft Windows
• Microsoft Publisher

Vulnerabilities in Microsoft Windows and Microsoft Publisher could allow an attacker to gain control of your computer.

Solution

Apply Update

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site. US-CERT also
recommends enabling Automatic Updates.

Microsoft Office Publisher 2000 users must visit the Microsoft Office Update web site to get the appropriate updates.

Do not open untrusted documents

Do not open unfamiliar or unexpected Publisher or other Office documents, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.

Vulnerabilities in Microsoft Windows and Microsoft Office Publisher may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. An attacker could exploit these vulnerabilities by using specially crafted network traffic, by convincing you to click on a specially crafted URL, or by convincing you to open a specially crafted Publisher document. A Publisher document could be attached to an email message, hosted on a web site, or included in another Office document.

For more technical information, see US-CERT Technical Alert TA06-255A.

References

• US-CERT Technical Alert TA06-255A - <http://www.us-cert.gov/cas/techalerts/TA06-255A.html>
• Using Caution with Email Attachments - <http://www.us-cert.gov/cas/tips/ST04-010.html>
• Microsoft Security Essentials - <http://www.microsoft.com/protect/>
• Microsoft security updates for September 2006 - <http://www.microsoft.com/athome/security/update/bulletins/200609.mspx>

.

Revision History

• September 12, 2006: Initial release, added Microsoft security updates for September 2006 reference