Status Tracking Note TRTA07-163A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook Express. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Event Information

Date (UTC) Description
2007-06-13 19:30 Symantec
ThreatCON (2) => (1)
2007-06-13 01:55 JPCERT/CC
JPCERT-AT-2007-0014: June 2007 Microsoft Security Bulletin (including four critical patches)
2007-06-12 20:57 SANS Internet Storm Center
June 2007, Microsoft Patch Tuesday Overview.
Overview of the June 2007 Microsoft patches and their status.
2007-06-12 20:24 US-CERT
TA07-163A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-06-12 18:30 Symantec
ThreatCON (1) => (2)
2007-06-12 17:18 US-CERT
Microsoft Releases June Security Bulletins
Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail, Visio, and the Windows Schannel Security Package as part of the Microsoft Security Bulletin Summary for June 2007.
2007-06-12 Microsoft
MS07-JUN: Microsoft Security Bulletin Summary for June 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-06-10 Bugtraq
Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
Speech Control Memory Corruption Vulnerability Proof Of Concept (CVE-2007-2222)
#Cid: MSXPSP2_Speech_API_ActiveX_BoF.txt
#Tested: Windows XP + SP2, IE 6
2007-06-01 Bugtraq
Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
Speech Control Memory Corruption Vulnerability Proof Of Concept (CVE-2007-2222)
#Cid: MS2KSP4_Speech_API_ActiveX_BoF.txt
#Tested: Windows 2000 + SP4, IE 6
2007-02-15 Zero Day Initiative (ZDI)
ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
Uninitialized Memory Corruption Vulnerability (MS07-033, CVE-2007-1751)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Vulnerability Reported
2006-11-08 Zero Day Initiative (ZDI)
ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
Language Pack Installation Vulnerability (MS07-033, CVE-2007-3027)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Vulnerability Reported
2006-10-24 iDefense
Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability
COM Object Instantiation Memory Corruption Vulnerability (CVE-2007-0218, MS07-033)
Remote exploitation of an invalid memory access vulnerability in various Microsoft products, including Internet Explorer, while creating certain COM objects may allow an attacker to execute arbitrary code.
Vulnerability Reported
2006-08-28 COSEINC Private Limited
SChannel Off-By-One Heap Corruption
Vulnerability in the Windows Schannel Security Package (CVE-2007-2218, MS07-031)
The Secure Channel (SChannel) library on WinXP-SP1/SP2 is vulnerable to an off-by-one heap buffer overwrite.
Vulnerability Reported


Date first published (UTC): 2007-06-12T22:28+00:00
Date last updated (UTC): 2007-06-13T20:22+00:00