Status Tracking Note TRTA07-282A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information


Date (UTC)Description
2007-11-11 Bugtraq
Microsoft Internet Explorer TIF/TIFF Code Execution (MS07-055)
Kodak Image Viewer Remote Code Execution Vulnerability - Proof Of Concept (CVE-2007-2217,MS07-055)
#Cid: 25909.pl
#Tested: Windows 2000 SP4 + IE5.01
#Tested: Windows 2000 SP4 + IE5.5
#Tested: Windows 2000 SP4 + IE6.0 SP1
2007-10-29 Bugtraq
Kodak Image Viewer TIF/TIFF Code Execution Exploit PoC (MS07-055)
Kodak Image Viewer Remote Code Execution Vulnerability - Proof Of Concept (CVE-2007-2217,MS07-055)
#Cid: MS07-055.c
#Tested: Windows 2000 SP4 [KO]
2007-10-11 Trend Micro
TROJ_MDROPPER.WN
Exploit for MS07-060
2007-10-10 23:28 Symantec
Trojan.Mdropper.Z
2007-10-10 19:15 BreakingPoint Systems
October 2007 Microsoft Tuesday
The details we have discovered from October's Microsoft Tuesday patches.
2007-10-10 01:22 Symantec
Bloodhound.Exploit.162
2007-10-10 00:34 JPCERT/CC
JPCERT-AT-2007-0021: Oct 2007 Microsoft Security Bulletin (including four critical patches)
2007-10-10 00:00 Symantec
Patch Tuesday/Exploit Wednesday?
2007-10-09 19:15 US-CERT
TA07-282A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-10-09 18:56 SANS Internet Storm Center
October Black Tuesday overview
Overview of the October 2007 Microsoft patches and their status.
2007-10-09 07:15 US-CERT
Microsoft Releases October Security Bulletins
Microsoft has released updates to address vulnerabilities in Windows, Outlook Express, Windows Mail, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for October 2007.
2007-10-09 Microsoft
MS07-OCT: Microsoft Security Bulletin Summary for October 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-07-11 iDefense
Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
Network News Transfer Protocol Memory Corruption Vulnerability(CVE-2007-3897,MS07-056)
Vulnerability Reported
2007-02-05 Zero Day Initiative (ZDI)
ZDI-07-055: Microsoft Windows DCERPC Authentication Denial of Service Vulnerability
RPC Authentication Vulnerability(MS07-058, CVE-2007-2228)
This vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability.
Vulnerability Reported


Date first published (UTC): 2007-10-12T22:43+00:00
Date last updated (UTC): 2007-11-15T12:32+00:00