Status Tracking Note TRTA07-191A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information

Date (UTC)Description
2007-07-12 18:08 Symantec
ThreatCON (2) => (1)
The ThreatCon is at level 1. Patches for the vulnerabilities announced in the Microsoft July 2007 security bulletin release have been available for over twenty-four hours.
2007-07-12 12:28 SANS Internet Storm Center
MS07-040: .NET update trouble
2007-07-11 10:07 Bugtraq
Low Risk Vulnerability in Active Directory
Active Directory Denial of Service Vulnerability (CVE-2007-3028)
2007-07-11 02:03 JPCERT/CC
JPCERT-AT-2007-0017: July 2007 Microsoft Security Bulletin (including three critical patches)
2007-07-10 20:52 US-CERT
TA07-191A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-07-10 20:30 SANS Internet Storm Center
July 'Black Tuesday' overview
Overview of the July 2007 Microsoft patches and their status.
2007-07-10 19:33 US-CERT
Microsoft Releases July Security Bulletins
Microsoft has released updates to address vulnerabilities in Windows, Excel, Office Publisher, and .NET Framework as part of the Microsoft Security Bulletin Summary for July 2007.
2007-07-10 18:44 Symantec
ThreatCON (1) => (2)
Microsoft has released the July security bulletins. Customers are advised to review the bulletins and to apply the updates as soon as possible.
2007-07-10 Internet Security Systems
Microsoft Internet Information Services Remote Code Execution
By sending specially-crafted URL requests to a Web page hosted by IIS, a remote attacker could execute arbitrary code on the system.
2007-07-10 Internet Security Systems
Microsoft Windows Active Directory Remote Code Execution
By sending a specially-crafted LDAP request, a remote attacker could execute arbitrary code on a server running a vulnerable version of Microsoft Windows Active Directory.
2007-07-10 Microsoft
MS07-JUL: Microsoft Security Bulletin Summary for July 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-02-16 eEye Digital Security
EEYEB-AD20070710: Microsoft Publisher 2007 Arbitrary Pointer Dereference
Publisher Invalid Memory Reference Vulnerability (CVE-2007-1754,MS07-037)
Vulnerability Reported


Date first published (UTC): 2007-07-10T23:23+00:00
Date last updated (UTC): 2007-07-15T04:14+00:00