Status Tracking Note TRTA07-317A

Microsoft Updates for Multiple Vulnerabilities

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.

Event Information

Date (UTC)	Description
2007-11-14 01:08	JPCERT/CC JPCERT-AT-2007-0022: Nov 2007 Microsoft Security Bulletin (including one critical patch)
2007-11-14	Mozilla Mozilla Thunderbird 2.0.0.9 Release Vulnerability Fixed(MFSA 2007-36,CVE-2007-4841)Fixed in
2007-11-13 22:31	SANS Internet Storm Center november black tuesday overview Overview of the November 2007 Microsoft patches and their status.
2007-11-13 19:53	US-CERT TA07-317A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List
2007-11-13 19:45	Microsoft MS07-NOV: Microsoft Security Bulletin Summary for November 2007 Included in this advisory are updates for newly discovered vulnerabilities.
2007-11-13 17:26	US-CERT Microsoft Releases November Security Bulletins US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for November 2007.
2007-11-13	Microsoft Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution Advisory updated to reflect publication of security bulletin
2007-11-13	IBM Internet Security Systems Microsoft Windows DNS spoofing information disclosure The Microsoft Windows DNS service in certain versions of Windows 2000 and Windows 2003 could allow a remote attacker to spoof DNS responses and obtain sensitive information.
2007-10-25	Microsoft Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution Advisory updated to reflect increased threat level
2007-10-18	Mozilla Mozilla Firefox 2.0.0.8 Release Vulnerability Fixed(MFSA 2007-36,CVE-2007-4841)Fixed in
2007-10-18	Mozilla MFSA 2007-36: URIs with invalid %-encoding mishandled by Windows
2007-10-16 12:00	Full-disclosure 0-day PDF exploit Vulnerability Proof Of Concept (CVE-2007-5020) #Cid: pdf_poc.pdf
2007-10-10	Microsoft Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
2007-10-03 16:06	Bugtraq 0day: mIRC pwns Windows
2007-09-20 13:21	BugTraq 0day: PDF pwns Windows I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.


Date first published (UTC):	2007-11-15T11:37+00:00
Date last updated (UTC):	2007-11-17T06:24+00:00