-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

          National Cyber Alert System

   Technical Cyber Security Alert TA08-316A


Microsoft Updates for Multiple Vulnerabilities

   Original release date: November 11, 2008
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Office XP, 2003, and 2007
     * Microsoft XML Core Services


Overview

   Microsoft has released updates that address vulnerabilities in Microsoft
   Windows, Microsoft Office, and Microsoft XML Core Services.


I. Description

   As  part of the Microsoft Security Bulletin Summary for November 2008,
   Microsoft released updates to address vulnerabilities that affect Microsoft
   Windows, Microsoft Office, and Microsoft XML Core Services. The most severe
   vulnerabilities could allow a remote, unauthenticated attacker to execute
   arbitrary code.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code or cause a
   vulnerable application to crash.


III. Solution

   Apply updates from Microsoft
   Microsoft has provided updates for these vulnerabilities in the Microsoft
   Security Bulletin Summary for November 2008. The security bulletin describes
   any known issues related to the updates. Administrators are encouraged to
   note  these  issues  and  test  for  any  potentially adverse effects.
   Administrators should consider using an automated update distribution system
   such as Windows Server Update Services (WSUS).


IV. References

     * Microsoft   Security   Bulletin   Summary   for  November  2008  -
       <http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx>

     * Microsoft Update - <https://www.update.microsoft.com/microsoftupdate/>

     * Windows Server Update Services -
       <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

   _________________________________________________________________

   Feedback can be directed to US-CERT.
   _________________________________________________________________

   Produced 2008 by US-CERT, a government organization. Terms of use
   Revision History

   November 11, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSRn7pXIHljM+H4irAQLn6Qf8CUJFNrMMKALPzPyFx66QKkFtrpkdLoKV
C4hZwsQ1LTQNSo845PdtQl9WQHL2Gpw49iq3Yn8cfCp0XO457Xk58BoLKCBAuPNi
9AJJN8C94VSV1O1YpikUGSLIY+D58kZRsmqAaShy+lc1H4whqGeJk5U3HCEMMneY
csnhefV30rdEVFIByghQZu11jq0XbDUGPTVaz9+5Jv6Hi0cthICteHa6jSsGiHbO
2FmXtrvUIKkK8IuSFnc6YkI+/ahKOnXjVswAO5SODXWH/Gzh2tPw8JQkc77ke1ZD
FSREn2lWHF6i7VfrcTxm1COMG5PiZF1dXPDAGt5FOI5qCU/VO+hWsw==
=QrVj
-----END PGP SIGNATURE-----