Alert

Microsoft Internet Explorer Vulnerabilities

Last Revised
Alert Code
SA05-347A

Systems Affected

 
  • Microsoft Windows
  • Microsoft Internet Explorer

For more complete information, refer to the Microsoft Security Bulletin Summary for December 2005.

 

Overview

 

Microsoft has released updates that address critical vulnerabilities in Internet Explorer.


Solution

Apply Updates

Microsoft has released security updates for Internet Explorer. To obtain the updates, visit the Microsoft Update web site. US-CERT also recommends enabling Automatic Updates.

 

Disable ActiveX

Instructions for disabling ActiveX controls in the Internet Zone can be found in the Malicious Web Scripts FAQ. Note that disabling ActiveX will reduce the functionality of some web sites. For example, the Microsoft Update site will not work with ActiveX disabled. To enable ActiveX for a web site, add that site to the Trusted Sites Zone. To protect against future threats, consider disabling ActiveX as well as applying the December 2005 updates.

 

 

Do not follow unsolicited links

Do not click on unsolicited URLs received in email, instant messages, web forums, or internet relay chat (IRC) channels.

 


 

 

Description

 

 

Microsoft Security Bulletins for December 2005 address vulnerabilities in Internet Explorer. These vulnerabilities may allow an attacker to take control of your computer or cause it to crash. For more technical information, see US-CERT Technical Cyber Security Alert TA05-347A.


 

References

  • Microsoft Security Bulletin Summary for December 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-dec.mspx>
  • US-CERT Vulnerability Note VU#887861 - <http://www.kb.cert.org/vuls/id/887861>
  • US-CERT Vulnerability Note VU#959049 - <http://www.kb.cert.org/vuls/id/959049>
  • US-CERT Vulnerability Note VU#680526 - <http://www.kb.cert.org/vuls/id/680526>
  • US-CERT Technical Cyber Security Alert TA05-347A - <http://www.us-cert.gov/cas/techalerts/TA05-347A.html>
  • Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
  • CERT/CC Malicious Web Scripts FAQ - <http://www.cert.org/tech_tips/malicious_code_FAQ.html#ie56>
  • Improve the safety of your browsing and e-mail activities- <http://www.microsoft.com/athome/security/online/browsing_safety.mspx>
  • Security Essentials - <http://www.microsoft.com/athome/security/protect/default.aspx>


 

Feedback can be directed to the US-CERT Technical Staff.

Produced by US-CERT, a government organization. Terms of use

Revision History

  • December 13, 2005: Initial release, added workaround for ActiveX use in Trusted Sites Zone
    December 23, 2005: Updated Solution to disable ActiveX and apply update
     

Last updated 

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.