Microsoft Updates for Multiple Vulnerabilities
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-317A.html
JVNRSS based Status Tracking Notes: Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA07-317A2007-11-17T06:24+00:002007-11-15T11:37+00:002007-11-17T06:24+00:00Nov 2007 Microsoft Security Bulletin (including one critical patch)
http://www.jpcert.or.jp/at/2007/at070022.txt
JPCERT/CCJPCERT-AT-2007-0022http://www.microsoft.com/technet/security/bulletin/ms07-061.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-062.mspx2007-11-14T01:08+00:002007-11-14T01:08+00:002007-11-14T01:08+00:00Mozilla Thunderbird 2.0.0.9 Release
http://www.mozilla.com/en-US/thunderbird/2.0.0.9/releasenotes/
Vulnerability Fixed(MFSA 2007-36,CVE-2007-4841)Fixed in
Mozillahttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-48412007-11-142007-11-142007-11-14november black tuesday overview
http://isc.sans.org/diary.html?storyid=3642
Overview of the November 2007 Microsoft patches and their status.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA07-317A.html2007-11-13T22:31+00:002007-11-13T22:31+00:002007-11-13T22:31+00:00Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-317A.html
Via US-CERT Mailing List
US-CERTTA07-317Ahttp://www.uscert.gov/cas/techalerts/TA07-317A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-061.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-062.mspx2007-11-13T14:53-05:002007-11-13T14:53-05:002007-11-13T14:53-05:00Microsoft Security Bulletin Summary for November 2007
http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx
Included in this advisory are updates for newly discovered vulnerabilities.
MicrosoftMS07-NOVhttp://www.microsoft.com/technet/security/bulletin/ms07-061.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-062.mspx2007-11-13T11:45-08:002007-11-13T11:45-08:002007-11-13T11:45-08:00Microsoft Releases November Security Bulletins
http://www.us-cert.gov/current/archive/2007/11/13/archive.html#microsoft_releases_november_security_bulletins
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for November 2007.
US-CERThttp://www.uscert.gov/cas/techalerts/TA07-317A.html2007-11-13T13:26-04:002007-11-13T13:26-04:002007-11-13T13:26-04:00URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/943521.mspx?jvntrev=2
Advisory updated to reflect publication of security bulletin
MicrosoftMicrosoft Security Advisory (943521)http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-38962007-11-132007-11-132007-11-13Microsoft Windows DNS spoofing information disclosure
http://www.iss.net/threats/278.html
The Microsoft Windows DNS service in certain versions of Windows 2000 and Windows 2003 could allow a remote attacker to spoof DNS responses and obtain sensitive information.
IBM Internet Security Systemshttp://www.microsoft.com/technet/security/Bulletin/MS07-062.mspxhttp://xforce.iss.net/xforce/xfdb/36805http://www.us-cert.gov/cas/techalerts/TA07-317A.html2007-11-132007-11-132007-11-13URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/943521.mspx?jvntrev=1
Advisory updated to reflect increased threat level
MicrosoftMicrosoft Security Advisory (943521)http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-38962007-10-252007-10-252007-10-25Mozilla Firefox 2.0.0.8 Release
http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
Vulnerability Fixed(MFSA 2007-36,CVE-2007-4841)Fixed in
Mozillahttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-48412007-10-182007-10-182007-10-18URIs with invalid %-encoding mishandled by Windows
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
MozillaMFSA 2007-36http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-48412007-10-182007-10-182007-10-180-day PDF exploit
http://www.securityfocus.com/bid
Vulnerability Proof Of Concept (CVE-2007-5020)
#Cid: pdf_poc.pdf
Full-disclosurehttp://www.us-cert.gov/cas/techalerts/TA07-297B.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5020http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx2007-10-16T07:00-05:002007-10-16T07:00-05:002007-10-16T07:00-05:00URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/943521.mspx
MicrosoftMicrosoft Security Advisory (943521)http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-38962007-10-102007-10-102007-10-100day: mIRC pwns Windows
http://www.securityfocus.com/archive/1/481418
Bugtraqhttp://www.uscert.gov/cas/techalerts/TA07-317A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3896http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx2007-10-03T16:06+00:002007-10-03T16:06+00:002007-10-03T16:06+00:000day: PDF pwns Windows
http://www.securityfocus.com/archive/1/480080
I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.
BugTraqhttp://www.us-cert.gov/cas/techalerts/TA07-297B.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5020http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx2007-09-20T14:21+01:002007-09-20T14:21+01:002007-09-20T14:21+01:00HT0JKHUb6epVqGfAl/oj9UlnE8E=U2tDpIvcOhItC8kHlp7PH8pQ79A=NDR8b2nkkzbGHaxMLsCrNwyB0dBr0AMtEQiIu6v3LMsCp3TFJUbceacN3ZdZi8wdunBPCrUJrJmN6fgMpEmeOuazjSvwphX8Sxv8vYSZI78li9jr7U1rc0mdkHhGGlY+KIkz9j0w0uInEw7Ir7haGAxR1ibD2cpYgnFD+wJIeGk=MIIE1DCCA7ygAwIBAgIQfBHY/s5/LRzGChqXgtjCKTANBgkqhkiG9w0BAQUFADCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyMB4XDTA3MDcwNTAwMDAwMFoXDTA4MDcwNDIzNTk1OVowggEhMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBNaWNyb3NvZnQgRnVsbCBTZXJ2aWNlMSYwJAYDVQQDFB1KVk5SU1MgRmVhc2liaWxpdHkgU3R1ZHkgVGVhbTEfMB0GCSqGSIb3DQEJARYQanZucnNzQGlwYS5nby5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCjiweXb23sjKQajfCS8WiHjax1ppkfkjhN/SwBp/LOOXlpZpzW/lHtKSnWJLPOZzLxIJUWARTZ+T2y2wCzDnKU9TOkNx56u7iBhhATVRyPby22uRY0Pf+1uu8vnSZPvAR50FI9o2COo9xCqfXZWU/RNWSrsrxJd2XL4Y6sYzL0CAwEAAaOBzDCByTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9JbmRDMURpZ2l0YWxJRC1jcmwudmVyaXNpZ24uY29tL0luZEMxRGlnaXRhbElELmNybDANBgkqhkiG9w0BAQUFAAOCAQEAHbEsHsaKt3O4OUlcec2BOe+MAP4eGW5X494WdegnLEW4tlAxZvctmLeGr0VRXMtF1JumpTLQcdQvUFp15N2+RDa1PrMFrkrCz9BdextE/7mykda0DzsAvbroqHbsu3tZOhnE7T61ZxtBuXOC0jChphl96yDn8NxvebCwcApB46oeKSbAFT21HRIWGiCo1QaMvB390MzFfOFfft1oHivREyIjgXNyAUSTunj/rQhodTnQRVdRuVwa5KSUErWOnNFM2uuXaF/vJqVRX2QR6zr+S+JGbw3ykc/7zkixEBbkSv3wOTh7BmsXRzRvLcaD92ifxOqFxWHQxIqMSxsbJ6WyPQ==