Status Tracking Note TRTA07-317A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.
Event Information

Date (UTC)Description
2007-11-14 01:08 JPCERT/CC
JPCERT-AT-2007-0022: Nov 2007 Microsoft Security Bulletin (including one critical patch)
2007-11-14 Mozilla
Mozilla Thunderbird 2.0.0.9 Release
Vulnerability Fixed(MFSA 2007-36,CVE-2007-4841)Fixed in
2007-11-13 22:31 SANS Internet Storm Center
november black tuesday overview
Overview of the November 2007 Microsoft patches and their status.
2007-11-13 19:53 US-CERT
TA07-317A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-11-13 19:45 Microsoft
MS07-NOV: Microsoft Security Bulletin Summary for November 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-11-13 17:26 US-CERT
Microsoft Releases November Security Bulletins
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for November 2007.
2007-11-13 Microsoft
Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
Advisory updated to reflect publication of security bulletin
2007-11-13 IBM Internet Security Systems
Microsoft Windows DNS spoofing information disclosure
The Microsoft Windows DNS service in certain versions of Windows 2000 and Windows 2003 could allow a remote attacker to spoof DNS responses and obtain sensitive information.
2007-10-25 Microsoft
Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
Advisory updated to reflect increased threat level
2007-10-18 Mozilla
Mozilla Firefox 2.0.0.8 Release
Vulnerability Fixed(MFSA 2007-36,CVE-2007-4841)Fixed in
2007-10-18 Mozilla
MFSA 2007-36: URIs with invalid %-encoding mishandled by Windows
2007-10-16 12:00 Full-disclosure
0-day PDF exploit
Vulnerability Proof Of Concept (CVE-2007-5020)
#Cid: pdf_poc.pdf
2007-10-10 Microsoft
Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
2007-10-03 16:06 Bugtraq
0day: mIRC pwns Windows
2007-09-20 13:21 BugTraq
0day: PDF pwns Windows
I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.


Date first published (UTC): 2007-11-15T11:37+00:00
Date last updated (UTC): 2007-11-17T06:24+00:00