FW: [UC-MCCA] Alert - Microsoft Security Advisory (927892) Released

Please see below for detail on a Microsoft Security Advisory.

Regards,

David Willson
Manger, Strategic Technology Acquisition
Office of the Chief Information Officer
University of California, Berkeley
510-643-9677

-----Original Message-----
From: uc-mcca-bounces_at_uci.edu [mailto:uc-mcca-bounces_at_uci.edu] On Behalf Of
Taylor Kao
Sent: Monday, November 06, 2006 2:42 PM
To: UC-MCCA Discussion List
Subject: [UC-MCCA] Alert - Microsoft Security Advisory (927892) Released

Please send this alert out to your departments.

Regards,
Taylor

What is this alert?

This alert is to notify you that Microsoft has released Security Advisory
927892 - Vulnerability in Microsoft XML Core Services Could Allow Remote
Code Execution - on 3 November 2006.

========================================
Summary
========================================

Microsoft is investigating public reports of a vulnerability in Microsoft
XML Core Services on Windows. We are aware of proof of concept code
published publicly and of the possibility of limited attacks that are
attempting to use the reported vulnerability.

Customers would need to visit an attacker's Web site to be at risk. We will
continue to investigate these public reports.

Upon completion of this investigation, Microsoft will take the appropriate
action to help protect our customers. A security update will be released
through our monthly release process or an out-of-cycle security update will
be provided, depending on customer needs.

========================================
Recommendations
========================================

Review Microsoft Security Advisory 927892 for an overview of the issue,
details on affected components, mitigating factors, suggested actions,
frequently asked questions (FAQ) and links to additional resources.

Customers who believe they have been attacked should contact their local FBI
office or report their situation to www.ic3.gov. Customers outside the U.S.
should contact the national law enforcement agency in their country.

Customers who believe they are affected can contact Product Support
Services. Contact Product Support Services in North America for help with
security update issues or viruses at no charge using the PC Safety line
(1866-PCSAFETY) and international customers by using any method found at
this location: http://support.microsoft.com/security.

========================================
Additional Resources:
========================================

* Microsoft Security Advisory 927892 - Vulnerability in Microsoft XML Core
Services Could Allow Remote Code Execution
   http://www.microsoft.com/technet/security/advisory/927892.mspx

* MSRC Blog:
   http://blogs.technet.com/msrc/

Note: check the MSRC Blog periodically as new information may appear there.

========================================
Regarding Information Consistency:
========================================

We strive to provide you with accurate information in static (this mail) and
dynamic (web-based) content. Security Advisories posted to the web are
occasionally updated to reflect late-breaking information. If this results
in an inconsistency between the information here and the information in the
web-based Security Advisory, the information in the web-based Security
Advisory is authoritative.

If you have any questions regarding this alert please contact me.

Thanks,

Anthony Suarez
Field Technical Account Manager
Microsoft Premier Services - Public Sector
Cell: (916)412-8088
Office: (916)369-3638
Fax: (916)363-3300
Mail: asuarez_at_microsoft.com

_______________________________________________
UC-MCCA mailing list
UC-MCCA_at_uci.edu
https://maillists.uci.edu/mailman/listinfo/uc-mcca

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Mon Nov 06 2006 - 15:25:50 PST