Microsoft Updates for Multiple Vulnerabilities
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-282A.html
JVNRSS based Status Tracking Notes: Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA07-282A2007-11-15T12:32+00:002007-10-12T22:43+00:002007-11-15T12:32+00:00Microsoft Internet Explorer TIF/TIFF Code Execution (MS07-055)
http://www.securityfocus.com/bid?jvntrev=2
Kodak Image Viewer Remote Code Execution Vulnerability - Proof Of Concept (CVE-2007-2217,MS07-055)
#Cid: 25909.pl
#Tested: Windows 2000 SP4 + IE5.01
#Tested: Windows 2000 SP4 + IE5.5
#Tested: Windows 2000 SP4 + IE6.0 SP1
Bugtraqhttp://www.microsoft.com/technet/security/bulletin/ms07-055.mspxhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-22172007-11-112007-11-112007-11-11Kodak Image Viewer TIF/TIFF Code Execution Exploit PoC (MS07-055)
http://www.securityfocus.com/bid?jvntrev=1
Kodak Image Viewer Remote Code Execution Vulnerability - Proof Of Concept (CVE-2007-2217,MS07-055)
#Cid: MS07-055.c
#Tested: Windows 2000 SP4 [KO]
Bugtraqhttp://www.microsoft.com/technet/security/bulletin/ms07-055.mspxhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-22172007-10-292007-10-292007-10-29TROJ_MDROPPER.WN
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.WN
Exploit for MS07-060
Trend Microhttp://www.microsoft.com/technet/security/bulletin/ms07-060.mspxhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-38992007-10-112007-10-112007-10-11Trojan.Mdropper.Z
http://www.symantec.com/avcenter/venc/data/trojan.mdropper.z.html
Symantechttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-38992007-10-10T16:28-07:002007-10-10T16:28-07:002007-10-10T16:28-07:00October 2007 Microsoft Tuesday
https://strikecenter.bpointsys.com/articles/2007/10/10/october-2007-microsoft-tuesday
The details we have discovered from October's Microsoft Tuesday patches.
BreakingPoint Systemshttp://www.us-cert.gov/cas/techalerts/TA07-282A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-055.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-056.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-057.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-058.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-059.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-060.mspx2007-10-10T19:15+00:002007-10-10T19:15+00:002007-10-10T19:15+00:00Bloodhound.Exploit.162
http://www.symantec.com/avcenter/venc/data/bloodhound.exploit.162.html
Symantechttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-22172007-10-09T18:22-07:002007-10-09T18:22-07:002007-10-09T18:22-07:00Oct 2007 Microsoft Security Bulletin (including four critical patches)
http://www.jpcert.or.jp/at/2007/at070021.txt
JPCERT/CCJPCERT-AT-2007-0021http://www.us-cert.gov/cas/techalerts/TA07-282A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-055.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-056.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-057.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-058.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-059.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-060.mspx2007-10-10T00:34+00:002007-10-10T00:34+00:002007-10-10T00:34+00:00Patch Tuesday/Exploit Wednesday?
http://www.symantec.com/enterprise/security_response/weblog/2007/10/patch_tuesdayexploit_wednesday.html
Symantechttp://www.microsoft.com/technet/security/bulletin/ms07-060.mspx2007-10-10T00:00+00:002007-10-10T00:00+00:002007-10-10T00:00+00:00Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-282A.html
Via US-CERT Mailing List
US-CERTTA07-282Ahttp://www.uscert.gov/cas/techalerts/TA07-282A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-055.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-056.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-057.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-058.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-059.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-060.mspx2007-10-09T15:15-04:002007-10-09T15:15-04:002007-10-09T15:15-04:00October Black Tuesday overview
http://isc.sans.org/diary.html?storyid=3480
Overview of the October 2007 Microsoft patches and their status.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA07-282A.html2007-10-09T18:56+00:002007-10-09T18:56+00:002007-10-09T18:56+00:00Microsoft Releases October Security Bulletins
http://www.us-cert.gov/current/archive/2007/10/09/archive.html#microsoft_releases_october_security_bulletins
Microsoft has released updates to address vulnerabilities in Windows, Outlook Express, Windows Mail, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for October 2007.
US-CERThttp://www.uscert.gov/cas/techalerts/TA07-282A.html2007-10-09T03:15-04:002007-10-09T03:15-04:002007-10-09T03:15-04:00Microsoft Security Bulletin Summary for October 2007
http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
Included in this advisory are updates for newly discovered vulnerabilities.
MicrosoftMS07-OCThttp://www.microsoft.com/technet/security/bulletin/ms07-055.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-056.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-057.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-058.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-059.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-060.mspx2007-10-092007-10-092007-10-09Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607
Network News Transfer Protocol Memory Corruption Vulnerability(CVE-2007-3897,MS07-056)
Vulnerability Reported
iDefensehttp://www.us-cert.gov/cas/techalerts/TA07-282A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3897http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx2007-07-112007-07-112007-07-11Microsoft Windows DCERPC Authentication Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-055.html
RPC Authentication Vulnerability(MS07-058, CVE-2007-2228)
This vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability.
Vulnerability Reported
Zero Day Initiative (ZDI)ZDI-07-055http://www.us-cert.gov/cas/techalerts/TA07-282A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2228http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx2007-02-052007-02-052007-02-05G13WlA9CrrYEKK9aHD0DeftXs1Q=U2tDpIvcOhItC8kHlp7PH8pQ79A=dCWWxYy3Wvbq6rQf+ocP4oiL92/3xdboymw1Jt1a5v2pgN9MHUtyVqa7P71ZTHZopDiq8HKSTxGS7OpQFJGHoyi+kYuhBB1Td5gCi2doIjm+grOTvUf2n8aqixc63dCdtt0nWg6hXQfGyPV5IFRfqXW0MgiJ39ZCBiSnGTXXpvg=MIIE1DCCA7ygAwIBAgIQfBHY/s5/LRzGChqXgtjCKTANBgkqhkiG9w0BAQUFADCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyMB4XDTA3MDcwNTAwMDAwMFoXDTA4MDcwNDIzNTk1OVowggEhMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBNaWNyb3NvZnQgRnVsbCBTZXJ2aWNlMSYwJAYDVQQDFB1KVk5SU1MgRmVhc2liaWxpdHkgU3R1ZHkgVGVhbTEfMB0GCSqGSIb3DQEJARYQanZucnNzQGlwYS5nby5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCjiweXb23sjKQajfCS8WiHjax1ppkfkjhN/SwBp/LOOXlpZpzW/lHtKSnWJLPOZzLxIJUWARTZ+T2y2wCzDnKU9TOkNx56u7iBhhATVRyPby22uRY0Pf+1uu8vnSZPvAR50FI9o2COo9xCqfXZWU/RNWSrsrxJd2XL4Y6sYzL0CAwEAAaOBzDCByTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9JbmRDMURpZ2l0YWxJRC1jcmwudmVyaXNpZ24uY29tL0luZEMxRGlnaXRhbElELmNybDANBgkqhkiG9w0BAQUFAAOCAQEAHbEsHsaKt3O4OUlcec2BOe+MAP4eGW5X494WdegnLEW4tlAxZvctmLeGr0VRXMtF1JumpTLQcdQvUFp15N2+RDa1PrMFrkrCz9BdextE/7mykda0DzsAvbroqHbsu3tZOhnE7T61ZxtBuXOC0jChphl96yDn8NxvebCwcApB46oeKSbAFT21HRIWGiCo1QaMvB390MzFfOFfft1oHivREyIjgXNyAUSTunj/rQhodTnQRVdRuVwa5KSUErWOnNFM2uuXaF/vJqVRX2QR6zr+S+JGbw3ykc/7zkixEBbkSv3wOTh7BmsXRzRvLcaD92ifxOqFxWHQxIqMSxsbJ6WyPQ==