Status Tracking Note TRTA06-318A

Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information


Date (UTC)Description
2006-11-20 16:05 Internet Security Systems
AlertCon (2) => (1)
2006-11-20 SANS Internet Storm Center
MS06-070 Remote Exploit
2006-11-18
MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit
a proof-of-concept code for this vulnerability (CVE-2006-4691,MS06-070)
Windows 2000 Server SP4
#Cid: NetAPI-NetrJoinDomain2.py
2006-11-17
Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit
a proof-of-concept code for this vulnerability (CVE-2006-4691,MS06-070)
Windows 2000 Server SP4 (All Languages)
#Cid: MS06-070_exploit
2006-11-16 Microsoft
Microsoft Security Advisory (928604): Exploit Code Published Affecting the Workstation Service on Windows 2000
Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070. At this time Microsoft has not seen any indications of active exploitation of the vulnerability Microsoft has activated its emergency response process and is continuing to investigate this public report.
2006-11-15 02:41 JPCERT/CC
JPCERT-AT-2006-0019: Nov 2006 Microsoft Security Bulletin (including five critical patches)
2006-11-15
Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit
a proof-of-concept code for this vulnerability (CVE-2006-4691,MS06-070)
#Cid: MS06-070_exploit
#Tested: Windows 2000 Server SP4 [CN]
2006-11-14 22:53 US-CERT
TA06-318A: Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
2006-11-14 18:50 Internet Security Systems
AlertCon (1) => (2)
2006-11-14 Internet Security Systems
Vulnerability in Microsoft Workstation Service could allow remote code execution
2006-11-14 Microsoft
MS06-NOV: Microsoft Security Bulletin Summary for November, 2006
Included in this advisory are updates for newly discovered vulnerabilities.
2006-07-25 eEye Digital Security
AD20061114: Workstation Service NetpManageIPCConnect Buffer Overflow
Workstation Service Memory Corruption Vulnerability(CVE-2006-4691,MS06-070)
Vulnerability Reported
2006-07-18 Zero Day Initiative (ZDI)
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
HTML Rendering Memory Corruption Vulnerability(CVE-2006-4687,MS06-067)
Vulnerability Reported


Date first published (UTC): 2006-11-15T21:48+00:00
Date last updated (UTC): 2006-11-20T22:55+00:00