Status Tracking Note JVNTR-2009-05

Microsoft Updates for Multiple Vulnerabilities (TA09-041A)

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server.

Event Information

Date (UTC)  Description
2009-02-19 21:02 SANS Internet Storm Center
MS09-002, XML/DOC and initial infection vector
2009-02-18 20:20 SANS Internet Storm Center
MS09-002 exploit in the wild (Version: 2)
Several AV vendors reported MS09-002 exploits in the wild. We can confirm this - the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working like a charm on an unpatched Windows XP machine.
2009-02-17 20:25 US-CERT
Active Exploitation of Microsoft Internet Explorer 7 Vulnerability
US-CERT Current Activity
US-CERT is aware of a public report indicating active exploitation of a previously patched vulnerability in Microsoft Internet Explorer 7. This vulnerability was addressed in Microsoft Security Advisory MS09-002. Additional information is available in US-CERT Technical Cyber Security Alert TA09-041A.
2009-02-11 03:40 JPCERT/CC
JPCERT-AT-2009-0003: February 2009 Microsoft Security Bulletin (including two critical patches)
2009-02-11 Trend Micro
HTML_DLOADER.AS
Exploit for CVE-2009-0075
2009-02-10 22:40 Microsoft
MS09-FEB: Microsoft Security Bulletin Summary for February 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2009-02-10 21:51 Microsoft
Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution
SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability (MS09-004, CVE-2008-5416)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-004 to address this issue.
2009-02-10 21:05 US-CERT
TA09-041A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2009-02-10 19:46 SANS Internet Storm Center
February Black Tuesday Overview
Overview of the February 2009 Microsoft patches and their status.
2009-02-10 19:37 US-CERT
Microsoft Releases February Security Bulletin Summary
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange Server, and SQL Server as part of the Microsoft Security Bulletin Summary for February 2009. These vulnerabilities may allow an attacker to execute arbitrary code.
2009-02-10 19:09 Symantec
ThreatCON (1) => (2)
Microsoft has released the February 2009 scheduled security bulletins and updates. We advise customers to install these updates as soon as possible.
2009-02-10 IBM Internet Security Systems
Microsoft Exchange Server TNEF Remote Code Execution
Microsoft Exchange Server could allow a remote attacker to execute arbitrary code on the system.
2009-02-05 21:07 Microsoft
MS09-FEB: Microsoft Security Bulletin Advance Notification for February 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2008-12-23 06:59 Microsoft
Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution
Advisory published.
Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).
2008-10-15 Zero Day Initiative (ZDI)
ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
CSS Memory Corruption Vulnerability (MS09-002, CVE-2009-0076)
Vulnerability Reported
The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user.
2008-09-23 Zero Day Initiative (ZDI)
ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
Uninitialized Memory Corruption Vulnerability (MS09-002, CVE-2009-0075)
Vulnerability Reported
The specific flaw exists in the handling of document objects. When an object is appended and deleted in a specific order memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged in user.

Reference

Date first published (UTC): 2009-02-12T02:04+00:00
Date last updated (UTC): 2009-02-23T11:10+00:00