Microsoft Windows and Internet Explorer Vulnerabilities (Demonstration Example)
http://jvn.jp/tr/TRTA05-221A/index.html
[Link to Japanese Site] TA05-221A: Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on an affected system.JVNRSS Research Projectjvn@jvn.jp2005-08-22T20:31+09:002005-08-10T13:25+09:002005-08-22T20:31+09:00Microsoft Security Bulletin Summary for August, 2005
http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx
Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:MicrosoftMS05-AUGhttp://www.microsoft.com/japan/technet/security/bulletin/ms05-aug.mspx2005-08-10T07:32+09:002005-08-10T07:32+09:00Technical Cyber Security Alert TA05-221A: Microsoft Windows and Internet Explorer Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA05-221A.html
Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on an affected system.US-CERTTA05-221Ahttp://www.us-cert.gov/cas/techalerts/TA05-221A.html2005-08-10T08:16+09:002005-08-10T08:16+09:00Internet Security Systems Protection Advisory: Windows Plug and Play Remote Compromise
http://xforce.iss.net/xforce/alerts/id/202
X-force has discovered a vulnerability in the Windows Plug and Play service. This vulnerability is remotely exploitable in the default configuration of Windows 2000, and is present in all modern Windows operating systems. There is a high probability that this vulnerability will be exploited in an automated fashion as part of a worm on Windows 2000.ISShttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspxhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-19832005-08-10T11:46+09:002005-08-10T11:46+09:00Internet Security Systems Protection Alert: Multiple Microsoft Vulnerabilities - August 2005
http://xforce.iss.net/xforce/alerts/id/203
ISS X-Force is tracking two critical vulnerabilities in Microsoft Windows operating systems. A critical remote compromise issue in the Plug and Play Service was discovered internally by X-Force, and is discussed in detail in an X-Force advisory which is linked below. Also, a remote buffer overflow vulnerability in the Print Spooler service could allow an unauthenticated attacker to fully compromise an affected machine without any user-interaction.ISShttp://www.microsoft.com/technet/security/Bulletin/MS05-043.mspxhttp://www.microsoft.com/technet/security/Bulletin/MS05-038.mspxhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1984http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-19882005-08-10T11:50+09:002005-08-10T11:50+09:00Microsoft Windows Plug and Play Remote Buffer Overflow Exploit (MS05-039)
http://www.frsirt.com/exploits/20050811.ms05_039_pnp.pm.php
#Cid: ms05_039_pnp.pm, #Cid: 20050811.ms05_039_pnp.pmFRSIRThttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-12T00:00+09:002005-08-12T00:00+09:00Full-Disclosure: (MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow (Universal Exploit + no crash shellcode)
http://www.security-express.com/archives/bugtraq/2005-08/0181.html
#Cid: HOD-ms05039-pnp-expl.c, #Cid: 20050812.HOD-ms05039-pnp-expl.cFRSIRThttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-12T23:37+09:002005-08-12T23:37+09:00Trendmicro: WORM_ZOTOB.A
http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.A
This memory-resident worm drops a copy of itself in the Windows system folder as BOTZOR.EXE. This worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, refer to the following Microsoft Web page: Microsoft Security Bulletin MS05-039Trendmicrohttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-14T00:00+09:002005-08-14T00:00+09:00SANS Institute MS05-039 Worm in the wild
http://isc.sans.org/diary.php?date=2005-08-14
New and improved Zotob(?): Now with mass mailer. Our malware team (mostly Tom and Lorna) are faced with an increasing flood of PNP bots and worms. The most recent one looks like a Zotob. However, it does include a mass mailer.SANShttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-15T00:23+09:002005-08-15T00:23+09:00Symantec ThreatCON (1) => (2)
https://tms.symantec.com/threatCon_Def.asp
Symantechttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-17T09:00+09:002005-08-17T09:00+09:00ISS AlertCon (1) => (3)
https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp
Current Internet Threat LevelISSKKhttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-17T11:00+09:002005-08-17T11:00+09:00Malicious Software Removal Tool 1.7.1
http://www.microsoft.com/security/malwareremove/default.mspx
Microsofthttp://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx2005-08-17T11:00+09:002005-08-17T11:00+09:00