Microsoft Updates for Multiple Vulnerabilities
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA08-162B.html
JVNRSS based Status Tracking Notes: Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, and Internet Explorer.JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA08-162B2008-06-16T16:45+00:002008-06-10T23:12+00:002008-06-16T16:45+00:00June 2008 Microsoft Security Bulletin (including three critical patches)
http://www.jpcert.or.jp/at/2008/at080010.txt
JPCERT/CCJPCERT-AT-2008-0011http://www.us-cert.gov/cas/techalerts/TA08-162B.htmlhttp://www.microsoft.com/technet/security/bulletin/ms08-030.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-031.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-032.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-033.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-034.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-035.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-036.mspx2008-06-11T00:57+00:002008-06-11T00:57+00:002008-06-11T00:57+00:00Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
Via US-CERT Mailing List
US-CERTTA08-162Bhttp://www.us-cert.gov/cas/techalerts/TA08-162B.htmlhttp://www.microsoft.com/technet/security/bulletin/ms08-030.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-031.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-032.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-033.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-034.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-035.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-036.mspx2008-06-10T16:38-04:002008-06-10T16:38-04:002008-06-10T16:38-04:00Microsoft Security Bulletin Summary for June 2008
http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
Included in this advisory are updates for newly discovered vulnerabilities.
MicrosoftMS08-JUNhttp://www.microsoft.com/technet/security/bulletin/ms08-030.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-031.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-032.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-033.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-034.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-035.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-036.mspx2008-06-10T13:32-07:002008-06-10T13:32-07:002008-06-10T13:32-07:00ThreatCON (1) => (2)
https://tms.symantec.com/
Microsoft has released seven new security bulletins addressing various vulnerabilities, some of which allow arbitrary code to run. Users are advised to review the bulletins and to apply the associated updates as soon as possible.
Symantechttp://www.us-cert.gov/cas/techalerts/TA08-162B.html2008-06-10T18:37+00:002008-06-10T18:37+00:002008-06-10T18:37+00:00June 2008 Black Tuesday Overview
http://isc.sans.org/diary.html?storyid=4552
Overview of the June 2008 Microsoft patches and their status.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA08-162B.htmlhttp://www.microsoft.com/technet/security/bulletin/ms08-030.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-031.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-032.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-033.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-034.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-035.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-036.mspx2008-06-10T18:09+00:002008-06-10T18:09+00:002008-06-10T18:09+00:00Microsoft Releases June Security Bulletin
http://www.us-cert.gov/current/archive/2008/06/10/archive.html#microsoft_releases_june_security_bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA08-162B.htmlhttp://www.microsoft.com/technet/security/bulletin/ms08-030.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-031.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-032.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-033.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-034.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-035.mspxhttp://www.microsoft.com/technet/security/bulletin/ms08-036.mspx2008-06-10T13:48-04:002008-06-10T13:48-04:002008-06-10T13:48-04:00Microsoft Windows MJPEG Codec Multiple Overflows
http://www.iss.net/threats/294.html
MJPEG Decoder Vulnerability (MS08-033, CVE-2008-0011)
The Microsoft MJPEG codec is vulnerable to multiple stack-based buffer overflows when parsing specially crafted files. A remote attacker could overflow the buffer and execute arbitary code within the context of the user viewing the malicious file.
IBM Internet Security Systemshttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0011http://xforce.iss.net/xforce/xfdb/39052http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx2008-06-102008-06-102008-06-10Microsoft Windows DirectX SAMI Code Execution
http://www.iss.net/threats/295.html
SAMI Format Parsing Vulnerability (MS08-033, CVE-2008-1444)
Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system.
IBM Internet Security Systemshttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444http://xforce.iss.net/xforce/xfdb/42674http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx2008-06-102008-06-102008-06-10Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-039
HTML Objects Memory Corruption Vulnerability (MS08-031, CVE-2008-1442)
Vulnerability Reported
The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user.
Zero Day Initiative (ZDI)ZDI-08-039http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1442http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx2008-02-072008-02-072008-02-07Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-040
SAMI Format Parsing Vulnerability (MS08-033, CVE-2008-1444)
Vulnerability Reported
The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged in user.
Zero Day Initiative (ZDI)ZDI-08-040http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx2008-01-212008-01-212008-01-21Securify bulletin: Microsoft Active Directory Denial-of-service
http://www.securityfocus.com/archive/1/493338
Active Directory Vulnerability (MS08-035, CVE-2008-1445)
Vulnerability Reported
After receiving the LDAP request, the AD server returns a partial list of the requested data to the client. After an additional minute or so, the Windows initiates a controlled restart with a 60-second countdown timer. The shutdown dialog box displays status code -1073741819.
SECURIFYhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1445http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx2007-12-082007-12-082007-12-08jM8qLeyJu7U4R+RFN7TlLNg8cEQ=LUnyvRwXlS4gDrFy0kfPtLZ+ZQ8=rqilm+uT6mhmC1tiJ456H8B/z5BZNYO0ZwevXy85XOR6CdsEybvB8dfTrZD+lC8kYy2oD5QY1JBszxnJhUs71Oysw41fKW8Om4/QiEMyGqfnq4mD5QRhniibtyYuwq53nKDcX786Kvjl6Poy/cCP9THIjMHXhRrz3rW0oooCQyI=MIIE1DCCA7ygAwIBAgIQfBHY/s5/LRzGChqXgtjCKTANBgkqhkiG9w0BAQUFADCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyMB4XDTA3MDcwNTAwMDAwMFoXDTA4MDcwNDIzNTk1OVowggEhMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBNaWNyb3NvZnQgRnVsbCBTZXJ2aWNlMSYwJAYDVQQDFB1KVk5SU1MgRmVhc2liaWxpdHkgU3R1ZHkgVGVhbTEfMB0GCSqGSIb3DQEJARYQanZucnNzQGlwYS5nby5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCjiweXb23sjKQajfCS8WiHjax1ppkfkjhN/SwBp/LOOXlpZpzW/lHtKSnWJLPOZzLxIJUWARTZ+T2y2wCzDnKU9TOkNx56u7iBhhATVRyPby22uRY0Pf+1uu8vnSZPvAR50FI9o2COo9xCqfXZWU/RNWSrsrxJd2XL4Y6sYzL0CAwEAAaOBzDCByTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9JbmRDMURpZ2l0YWxJRC1jcmwudmVyaXNpZ24uY29tL0luZEMxRGlnaXRhbElELmNybDANBgkqhkiG9w0BAQUFAAOCAQEAHbEsHsaKt3O4OUlcec2BOe+MAP4eGW5X494WdegnLEW4tlAxZvctmLeGr0VRXMtF1JumpTLQcdQvUFp15N2+RDa1PrMFrkrCz9BdextE/7mykda0DzsAvbroqHbsu3tZOhnE7T61ZxtBuXOC0jChphl96yDn8NxvebCwcApB46oeKSbAFT21HRIWGiCo1QaMvB390MzFfOFfft1oHivREyIjgXNyAUSTunj/rQhodTnQRVdRuVwa5KSUErWOnNFM2uuXaF/vJqVRX2QR6zr+S+JGbw3ykc/7zkixEBbkSv3wOTh7BmsXRzRvLcaD92ifxOqFxWHQxIqMSxsbJ6WyPQ==