Status Tracking Note TRTA08-162B

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, and Internet Explorer.
Event Information


Date (UTC)Description
2008-06-11 00:57 JPCERT/CC
JPCERT-AT-2008-0011: June 2008 Microsoft Security Bulletin (including three critical patches)
2008-06-10 20:38 US-CERT
TA08-162B: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-06-10 20:32 Microsoft
MS08-JUN: Microsoft Security Bulletin Summary for June 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-06-10 18:37 Symantec
ThreatCON (1) => (2)
Microsoft has released seven new security bulletins addressing various vulnerabilities, some of which allow arbitrary code to run. Users are advised to review the bulletins and to apply the associated updates as soon as possible.
2008-06-10 18:09 SANS Internet Storm Center
June 2008 Black Tuesday Overview
Overview of the June 2008 Microsoft patches and their status.
2008-06-10 17:48 US-CERT
Microsoft Releases June Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition.
2008-06-10 IBM Internet Security Systems
Microsoft Windows MJPEG Codec Multiple Overflows
MJPEG Decoder Vulnerability (MS08-033, CVE-2008-0011)
The Microsoft MJPEG codec is vulnerable to multiple stack-based buffer overflows when parsing specially crafted files. A remote attacker could overflow the buffer and execute arbitary code within the context of the user viewing the malicious file.
2008-06-10 IBM Internet Security Systems
Microsoft Windows DirectX SAMI Code Execution
SAMI Format Parsing Vulnerability (MS08-033, CVE-2008-1444)
Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system.
2008-02-07 Zero Day Initiative (ZDI)
ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-031, CVE-2008-1442)
Vulnerability Reported
The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user.
2008-01-21 Zero Day Initiative (ZDI)
ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
SAMI Format Parsing Vulnerability (MS08-033, CVE-2008-1444)
Vulnerability Reported
The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged in user.
2007-12-08 SECURIFY
Securify bulletin: Microsoft Active Directory Denial-of-service
Active Directory Vulnerability (MS08-035, CVE-2008-1445)
Vulnerability Reported
After receiving the LDAP request, the AD server returns a partial list of the requested data to the client. After an additional minute or so, the Windows initiates a controlled restart with a 60-second countdown timer. The shutdown dialog box displays status code -1073741819.


Date first published (UTC): 2008-06-10T23:12+00:00
Date last updated (UTC): 2008-06-16T16:45+00:00
Valid HTML 4.01!