Status Tracking Note TRTA08-134A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security.
Event Information

Date (UTC)Description
2008-05-14 02:03 JPCERT/CC
JPCERT-AT-2008-0007: May 2008 Microsoft Security Bulletin (including three critical patches)
2008-05-13 22:01 SANS Internet Storm Center
May 2008 black tuesday overview
Overview of the May 2008 Microsoft patches and their status.
2008-05-13 19:44 US-CERT
TA08-134A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-05-13 19:42 Microsoft
Microsoft Security Advisory (950627): Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (MS08-028, CVE-2007-6026)
Microsoft has completed the investigation into public reports of this vulnerability. We have issued Microsoft Security Bulletin MS08-028 to address this issue.
2008-05-13 18:39 Symantec
ThreatCON (1) => (2)
Microsoft has addressed several vulnerabilities with the May 2008 patch release. We advise customers to install the updates as soon as possible.
2008-05-13 18:37 Microsoft
MS08-MAY: Microsoft Security Bulletin Summary for May 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-05-13 17:51 US-CERT
Microsoft Releases April Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
2008-05-13 IBM Internet Security Systems
Microsoft Jet Database Engine (msjet40.dll) Remote Code Execution
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (MS08-028, CVE-2007-6026)
Microsoft Jet Database Engine (msjet40.dll) is vulnerable to a stack-based buffer overflow that could allow remote code execution. An attacker could exploit this vulnerability by sending a malicious file as an email attachment or by hosting it on a Web site and persuading the victim to click a link.
2008-03-22 01:26 Microsoft
Microsoft Security Advisory (950627): Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (MS08-028, CVE-2007-6026)
2008-01-21 Zero Day Initiative (ZDI)
ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
Object Parsing Vulnerability (MS08-026, CVE-2008-1091)
Vulnerability Reported
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file.
2007-11-08 iDefense
Microsoft Word CSS Processing Memory Corruption Vulnerability
Word Cascading Style Sheet (CSS) Vulnerability (MS08-026, CVE-2008-1434)
Vulnerability Reported
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user.


Date first published (UTC): 2008-05-19T22:52+00:00
Date last updated (UTC): 2008-05-19T22:52+00:00
Valid HTML 4.01!