Status Tracking Note TRTA07-100A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Content Management Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information

Date (UTC)Description
2007-04-11 00:59 JPCERT/CC
JPCERT-AT-2007-0008: April 2007 Microsoft Security Bulletin (including five critical patches)
2007-04-10 20:29 US-CERT
TA07-100A: Microsoft Update for Windows Animated Cursor Vulnerability
Via US-CERT Mailing List
2007-04-10 17:30 US-CERT
Microsoft Releases April Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Content Management Server as part of the Microsoft Security Bulletin Summary for April 2007.
2007-04-10 Microsoft
MS07-APR: Microsoft Security Bulletin Summary for April 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-04-10 Internet Security Systems
Microsoft Windows Universal Plug and Play HTTP Buffer Overflow
Microsoft Windows is vulnerable to a buffer overflow, caused by improper bounds checking by the Universal Plug and Play (UPnP) service.
2007-01-19 eEye Digital Security
EEYEB-AD20070410b: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation
CSRSS Local Elevation of Privilege Vulnerability (CVE-2007-1209,MS07-021)
Vulnerability Reported
2006-12-12 eEye Digital Security
EEYEB-AD20070410a: Windows VDM Zero Page Race Condition Privilege Escalation
Kernel Local Elevation of Privilege Vulnerability (CVE-2007-1206,MS07-022)
Vulnerability Reported
2006-12-11 Secunia Research
2006-74: Microsoft Agent URL Parsing Memory Corruption Vulnerability
Microsoft Agent URL Parsing Vulnerability (CVE-2007-1205,MS07-020)
Vulnerability Reported
2006-12-06 iDefense
Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability
UPnP Memory Corruption Vulnerability (CVE-2007-1204,MS07-019)
Vulnerability Reported


Date first published (UTC): 2007-04-10T20:02+00:00
Date last updated (UTC): 2007-04-12T08:51+00:00