Published: 2008-04-13T22:02+00:00
Last Updated: 2008-05-07T08:00+00:00
TRTA08-099A
Microsoft Updates for Multiple Vulnerabilities
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Office.
Event Information
Date (UTC) | Description |
2008-04-28 |
Bugtraq MS Windows XP SP2 (win32k.sys) Privilege Escalation Exploit (MS08-025) Vulnerability Proof Of Concept (Windows Kernel Vulnerability - MS08-025) #Cid: 2008-ms08-25-exploit.zip #Cid: 28554.zip #Tested: Windows XP SP2 |
2008-04-14 |
Bugtraq MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021) Vulnerability Proof Of Concept (GDI stack Overflow Vulnerability - MS08-021) #Cid: 28570.cpp #Cid: 2008-exploit_08021.zip #Tested: Windows XP SP2 #Tested: cpe:/o:microsoft:windows_xp::sp2 |
2008-04-14 |
Bugtraq MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021 Vulnerability Proof Of Concept (GDI stack Overflow Vulnerability - MS08-021) #Cid: 2008-Gdi.tgz #Cid: 28570-Gdi.tgz #Tested: Windows XP PRO SP1 #Tested: cpe:/o:microsoft:windows_xp::sp1:professional |
2008-04-11 19:03 |
US-CERT Active Exploitation of GDI Vulnerabilities US-CERT Current Activity US-CERT is following public reports indicating that attackers are attempting to exploit vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable. |
2008-04-11 15:21 |
Arbor Networks Elevated ATLAS Threat Index - GDI Exploits in the Wild The ATLAS Threat Index is used to track global security issues as a barometer, and we're raising the index (something we don't do very often). We are doing so because see evidence that the GDI vulnerability - MS08-021 - is being exploited in the wild. We have not yet seen widespread attacks, but we anticipate that this attack vector will grow in popularity in the coming days, similar to the WMF and ANI attack vectors in the past couple of years. |
2008-04-11 14:01 |
SANS Internet Storm Center Symantec Threatcon Level 2 It appears that Symantec has raised the Threatcon to Level 2 this afternoon. |
2008-04-10 20:51 |
Symantec ThreatCON (2) => (2) We have observed in-the-wild exploit attempts targeting MS08-021. Currently the attacks appear to be unsuccessful. Users are advised to apply the available patches as soon as possible. |
2008-04-10 13:12 |
Symantec Attempt at Exploiting Latest GDI Vulnerability Found in the Wild GDI Overflow Vulnerability (MS08-021) It has been less than two days since Microsoft announced a couple of vulnerabilities in graphics device interface (GDI) EMF formatted images, but our DeepSight honeypots are already showing some signs of exploitation in the wild. Although the exploits that we have seen so far do not yet appear to be functional, they appear to have the right general idea in their exploitation. It is possible that these exploits either have been leaked and are "in-work" copies, or that they are functional on some platform that we have not tested. |
2008-04-10 |
Bugtraq MS08-025 Local Privilege Escalation Vulnerability Exploit(POC) Vulnerability Proof Of Concept (Windows Kernel Vulnerability - MS08-025) #Cid: 28554-PoC.c |
2008-04-10 |
Symantec Trojan.Emifie GDI stack Overflow Vulnerability (MS08-021, CVE-2008-1087) |
2008-04-09 02:14 |
JPCERT/CC JPCERT-AT-2008-0006: Apr 2008 Microsoft Security Bulletin (including five critical patches) |
2008-04-08 20:11 |
Symantec ThreatCON (1) => (2) Microsoft released five 'critical' and three 'important' security bulletins for April 2008. Patches are available. None of these vulnerabilities have been seen in the wild. |
2008-04-08 18:56 |
US-CERT TA08-099A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
2008-04-08 18:33 |
Microsoft MS08-APR: Microsoft Security Bulletin Summary for April 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
2008-04-08 18:33 |
US-CERT Microsoft Releases April Security Bulletin US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for April 2008. These vulnerabilities could allow an attacker to execute arbitrary code, access the system with elevated privileges, or redirect internet traffic. |
2008-04-08 17:42 |
SANS Internet Storm Center April 2008 - Black Tuesday Overview Overview of the April 2008 Microsoft patches and their status. |
2008-04-08 |
IBM Internet Security Systems Microsoft GDI Remote Code Execution GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083) GDI stack Overflow Vulnerability (MS08-021, CVE-2008-1087) Microsoft Windows graphic device interface (GDI) is vulnerable to multiple buffer overflows. |
2008-04-08 |
IBM Internet Security Systems Microsoft Internet Explorer File Registered Viewer Code Execution Data Stream Handling Memory Corruption Vulnerability (MS08-024, CVE-2008-1085) Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system. |
2008-02-07 |
Zero Day Initiative (ZDI) ZDI-08-008: Microsoft GDI WMF Parsing Heap Overflow Vulnerability GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083) Vulnerability Reported This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. |
2007-12-17 |
iDefense Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083) Vulnerability Reported The vulnerability occurs when parsing a maliciously crafted EMF file. When performing an arithmetic operation that calculates the size of a heap buffer the code incorrectly assumes that the color depth is a fixed size. By specifying a different color depth, it is possible to trigger a heap based buffer overflow. |
2007-12-17 |
iDefense Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083) Vulnerability Reported The vulnerability occurs when parsing a header structure in an EMF file that describes a bitmap contained in the file. Several values from this header are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data from the file. |
2007-11-13 15:17 |
Trusteer Ltd. Microsoft Windows DNS Stub Resolver Cache Poisoning DNS Spoofing Attack Vulnerability (MS08-020) Windows DNS stub resolver queries are predictable - i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described that, in optimal conditions, provides very few guesses for the "next" query, thereby overcoming whatever protection offered by the transaction ID mechanism. This enables a much more effective DNS client poisoning than the currently known attacks against Windows DNS stub resolver. |
2006-12-12 |
iDefense Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability ActiveX Object Memory Corruption Vulnerability (MS08-023, CVE-2008-1086) Vulnerability Reported Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user. |