Status Tracking Note TRTA07-191A

Microsoft Updates for Multiple Vulnerabilities

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Event Information

Date (UTC)	Description
2007-07-12 18:08	Symantec ThreatCON (2) => (1) The ThreatCon is at level 1. Patches for the vulnerabilities announced in the Microsoft July 2007 security bulletin release have been available for over twenty-four hours.
2007-07-12 12:28	SANS Internet Storm Center MS07-040: .NET update trouble
2007-07-11 10:07	Bugtraq Low Risk Vulnerability in Active Directory Active Directory Denial of Service Vulnerability (CVE-2007-3028)
2007-07-11 02:03	JPCERT/CC JPCERT-AT-2007-0017: July 2007 Microsoft Security Bulletin (including three critical patches)
2007-07-10 20:52	US-CERT TA07-191A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List
2007-07-10 20:30	SANS Internet Storm Center July 'Black Tuesday' overview Overview of the July 2007 Microsoft patches and their status.
2007-07-10 19:33	US-CERT Microsoft Releases July Security Bulletins Microsoft has released updates to address vulnerabilities in Windows, Excel, Office Publisher, and .NET Framework as part of the Microsoft Security Bulletin Summary for July 2007.
2007-07-10 18:44	Symantec ThreatCON (1) => (2) Microsoft has released the July security bulletins. Customers are advised to review the bulletins and to apply the updates as soon as possible.
2007-07-10	Internet Security Systems Microsoft Internet Information Services Remote Code Execution By sending specially-crafted URL requests to a Web page hosted by IIS, a remote attacker could execute arbitrary code on the system.
2007-07-10	Internet Security Systems Microsoft Windows Active Directory Remote Code Execution By sending a specially-crafted LDAP request, a remote attacker could execute arbitrary code on a server running a vulnerable version of Microsoft Windows Active Directory.
2007-07-10	Microsoft MS07-JUL: Microsoft Security Bulletin Summary for July 2007 Included in this advisory are updates for newly discovered vulnerabilities.
2007-02-16	eEye Digital Security EEYEB-AD20070710: Microsoft Publisher 2007 Arbitrary Pointer Dereference Publisher Invalid Memory Reference Vulnerability (CVE-2007-1754,MS07-037) Vulnerability Reported


Date first published (UTC):	2007-07-10T23:23+00:00
Date last updated (UTC):	2007-07-15T04:14+00:00