Published: 2009-02-12T02:04+00:00
Last Updated: 2009-02-23T11:10+00:00
JVNTR-2009-05
Microsoft Updates for Multiple Vulnerabilities (TA09-041A)
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server.
Event Information
| Date (UTC) | Description |
| 2009-02-19 21:02 |
SANS Internet Storm Center MS09-002, XML/DOC and initial infection vector |
| 2009-02-18 20:20 |
SANS Internet Storm Center MS09-002 exploit in the wild (Version: 2) Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this - the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working as charm on an unpatched Windows XP machine. |
| 2009-02-17 20:25 |
US-CERT Active Exploitation of Microsoft Internet Explorer 7 Vulnerability US-CERT Current Activity US-CERT is aware of a public report indicating active exploitation of a previously patched vulnerability in Microsoft Internet Explorer 7. This vulnerability was addressed in Microsoft Security Advisory MS09-002. Additional information is available in US-CERT Technical Cyber Security Alert TA09-041A. |
| 2009-02-11 03:40 |
JPCERT/CC JPCERT-AT-2009-0003: February 2009 Microsoft Security Bulletin (including two critical patches) |
| 2009-02-11 |
Trend Micro HTML_DLOADER.AS Exploit for CVE-2009-0075 |
| 2009-02-10 22:40 |
Microsoft MS09-FEB: Microsoft Security Bulletin Summary for February 2009 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2009-02-10 21:51 |
Microsoft Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability (MS09-004, CVE-2008-5416) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-004 to address this issue. |
| 2009-02-10 21:05 |
US-CERT TA09-041A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2009-02-10 19:46 |
SANS Internet Storm Center February Black Tuesday Overview Overview of the February 2009 Microsoft patches and their status. |
| 2009-02-10 19:37 |
US-CERT Microsoft Releases February Security Bulletin Summary US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange Server, and SQL Server as part of the Microsoft Security Bulletin Summary for February 2009. These vulnerabilities may allow an attacker to execute arbitrary code. |
| 2009-02-10 19:09 |
Symantec ThreatCON (1) => (2) Microsoft has released the February 2009 scheduled security bulletins and updates. We advise customers to install these updates as soon as possible. |
| 2009-02-10 |
IBM Internet Security Systems Microsoft Exchange Server TNEF Remote Code Execution Microsoft Exchange Server could allow a remote attacker to execute arbitrary code on the system. |
| 2009-02-05 21:07 |
Microsoft MS09-FEB: Microsoft Security Bulletin Advance Notification for February 2009 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2008-12-23 06:59 |
Microsoft Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution Advisory published. Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). |
| 2008-10-15 |
Zero Day Initiative (ZDI) ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability CSS Memory Corruption Vulnerability (MS09-002, CVE-2009-0076) Vulnerability Reported The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user. |
| 2008-09-23 |
Zero Day Initiative (ZDI) ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability Uninitialized Memory Corruption Vulnerability (MS09-002, CVE-2009-0075) Vulnerability Reported The specific flaw exists in the handling of document objects. When an object is appended and deleted in a specific order memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged in user. |