Status Tracking Note TRTA08-288A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office.

Event Information


Date (UTC) Description
2008-10-15 23:44 Symantec
ThreatCON (1) => (2)
An exploit has been published for the Microsoft Host Integration Server RPC Remote Command Execution Vulnerability (BID 31620).
2008-10-15 17:41 Bugtraq
Microsoft Host Integration Server 2006 Command Execution Vulnerability
HIS Command Execution Vulnerability (CVE-2008-3466, MS08-059)
Metasploit Framework exploit module
This module exploits a command-injection vulnerability in Microsoft Host Integration Server 2006.
#Cid: module ms08_059_his2006.rb
#Cid: 31620.rb
2008-10-15 13:03 Bugtraq
Exploit for MS08-066 - AFD.sys kernel memory overwrite
AFD Kernel Overwrite Vulnerability (CVE-2008-3466, MS08-066)
K-Plugin (exploit) for Microsoft afd.sys (MS08-066) - Windows XP & 2003
#Cid: afd_plugin.zip
2008-10-15 03:40 JPCERT/CC
JPCERT-AT-2008-0017: October 2008 Microsoft Security Bulletin (including four critical patches)
2008-10-14 22:43 SANS Internet Storm Center
October Black Tuesday Overview
Overview of the October 2008 Microsoft patches and their status.
2008-10-14 19:50 US-CERT
TA08-288A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-10-14 19:17 Microsoft
MS08-OCT: Microsoft Security Bulletin Summary for October 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-10-14 17:39 US-CERT
Microsoft Releases October Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Host Integration Server, and Office as part of the Microsoft Security Bulletin Summary for October 2008. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information or operate with elevated privileges.
2008-10-14 10:17 Microsoft Security Vulnerability Research & Defense
MS08-066 : Catching and fixing a ProbeForRead / ProbeForWrite bypass
AFD Kernel Overwrite Vulnerability (CVE-2008-3466, MS08-066)
The driver afd.sys is responsible for handling socket connections. MS08-066 addresses several vulnerabilities in afd.sys that could allow an attacker to execute arbitrary code in kernel mode. These vulnerabilities can only be exploited locally and there is no remote vector from our investigations.
2008-10-14 IBM Internet Security Systems
Microsoft Host Integration Server RPC Service Remote Code Execution
HIS Command Execution Vulnerability (CVE-2008-3466, MS08-059)
Microsoft Host Integration Server is vulnerable to remote code execution caused by improper bounds checking in the SNA RPC Service.
2008-10-09 17:42 Microsoft
MS08-OCT: Microsoft Security Bulletin Summary for October 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-06-25 Zero Day Initiative (ZDI)
ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability
Uninitialized Memory Corruption Vulnerability (MS08-058, CVE-2008-3475)
Vulnerability Reported
2008-05-27 iDefense
Microsoft Host Integration Server 2006 Command Execution Vulnerability
HIS Command Execution Vulnerability (MS08-059, CVE-2008-3466)
Vulnerability Reported
The RPC interface exposes several methods that an unauthenticated attacker can use to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess() function with full control over the application started, as well as the command line passed to it. This allows an attacker to run arbitrary programs on the server.
2008-05-23 Zero Day Initiative (ZDI)
ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
File Format Parsing Vulnerability (MS08-057, CVE-2008-3471)
Vulnerability Reported
2007-11-14 TippingPoint
TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability
Message Queuing Service Remote Code Execution Vulnerability (CVE-2008-3479, MS08-065)
Vulnerability Reported
2007-04-17 iDefense
Microsoft Visual Basic for Applications - Multiple Vulnerabilities
Calendar Object Validation Vulnerability (MS08-057, CVE-2008-3477)
Vulnerability Reported
These vulnerabilities exist in the handling of an object embedded in an Office document. When processing this object, the VBA module does not validate any of several values correctly. By crafting an object that contains a specific value, corruption can be caused. This leads to a potentially exploitable condition.

Reference

Date first published (UTC): 2008-10-26T22:41+00:00
Date last updated (UTC): 2008-10-26T22:41+00:00