Virus Information Center
 Online HelpDesk Home
 Security Information
 Members Only Home
 Check Your Email

.Member Services Team
.HelpDesk/Tech Support





First Step Internet Security Alert
Cyber Security Alert SA04-184A

Important Internet Explorer Update Available

Original release date: July 2, 2004
Last revised: --
Source: US-CERT

Systems Affected
Systems running Internet Explorer and Microsoft Windows

Overview
Microsoft has released an important security update for Internet Explorer (IE). This update greatly reduces the impact of attacks against several vulnerabilities in IE.

Description
Several vulnerabilities in IE could allow a malicious web site or HTML email message to install software on your computer. This software could be used to steal sensitive financial information or perform other actions. Recent incident activity has been referred to as Download.Ject, JS.Scob.Trojan, Scob, and JS.Toofeer.

Microsoft has released a security update for IE that provides increased protection against this type of attack. Note that this update may not prevent attacks in all cases.

Resolution
Install Critical Update

US-CERT recommends that users install the update from the Microsoft Download Center (KB870669) or the Windows Update web site.

Increase IE Security Settings

In addition, US-CERT strongly recommends that users modify IE security settings according to the instructions in the Malicious Web Scripts FAQ.

Further information is available from Microsoft in What You Should Know About Download.Ject.

References

* US-CERT Technical Alert TA04-184A -
<http://www.us-cert.gov/cas/techalerts/TA04-184A.html>

* US-CERT Technical Alert TA04-163A -
<http://www.us-cert.gov/cas/techalerts/TA04-163A.html>

* US-CERT Vulnerability Note VU#713878 -
<http://www.kb.cert.org/vuls/id/713878>

* Malicious Web Scripts FAQ -
<http://www.cert.org/tech_tips/malicious_code_FAQ.html>

* What You Should Know About Download.Ject -
<http://www.microsoft.com/security/incident/download_ject.mspx>

* Increase Your Browsing and E-Mail Safety -
<http://www.microsoft.com/security/incident/settings.mspx>

_________________________________________________________________

Author: Art Manion
Please send feedback to <mailto:cert@cert.org>.
Please include the Subject field "SA04-184A Feedback VU#713878".

_________________________________________________________________

Copyright 2004 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>

_________________________________________________________________

The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA04-184A.html>

_________________________________________________________________


Revision History
July 2, 2004: Initial release