eEye Digital Security
Microsoft Patch Summary
April 10, 2012


Overview 
This month, Microsoft released six bulletins that fix a total of eleven vulnerabilities. Nine of these are remote code execution vulnerabilities and two are information disclosure vulnerabilities.


Patch Precedence 
Patch MS12-023, MS12-024, MS12-025, and MS12-027 immediately to prevent exploitation by attackers. Patch MS12-026 and MS12-028 as soon as possible.

As always, eEye suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the eEye Security Research Team.

Web Event: Vulnerability Expert Forum (VEF)
Presenters: The eEye Research Team
Date/Time: Wednesday, April 11th, 1pm PT / 4pm ET / 9pm GMT

                 
Bulletin/Advisory Details

MS12-023
Cumulative Security Update for Internet Explorer (2675157)
Microsoft Rating: Critical
CVE: CVE-2012-0168, CVE-2012-0169, CVE-2012-0170, CVE-2012-0171, and CVE-2012-0172

Analysis
This bulletin addresses five privately reported remote code execution vulnerabilities in Internet Explorer. The patch fixes issues in a print feature, in JScript9, in the OnReadyStateChange function, in the SelectAll function, and in the handling of VML styles. An attacker who successfully exploited one of these vulnerabilities would gain user-level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers, since no mitigation is available for CVE-2012-0168. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.
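The interim mitigation above is applied through the per-user Internet Explorer zone policies. The following PowerShell is an added example, not part of the eEye advisory or a Microsoft tool: it audits and disables the two URL actions for the Internet and Local intranet zones so the change can be reviewed and reverted once the patch is installed. The registry path, zone numbers and action IDs are Microsoft's documented values; the function names are the author's.

```powershell
# Added example, not part of the eEye advisory. Zone numbers and URL Action
# IDs are Microsoft's documented values:
#   zone 1 = Local intranet, zone 3 = Internet
#   1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting
#   0 = Enable, 1 = Prompt, 3 = Disable
# HKCU settings can be overridden by Group Policy (HKLM); check GPO separately.
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions  = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Disable  = 3

function Get-IEZoneScriptingPolicy {
    # Report the current value of each action in each zone so the
    # pre-change state is recorded and the mitigation can be rolled back.
    foreach ($z in $Zones.Keys) {
        $key   = Join-Path $ZoneRoot $z
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($a in $Actions.Keys) {
            $value = if ($null -ne $props.$a) { [int]$props.$a } else { $null }
            [pscustomobject]@{
                Zone    = "$z ($($Zones[$z]))"
                Action  = "$a ($($Actions[$a]))"
                Value   = $value
                Blocked = ($value -eq $Disable)
            }
        }
    }
}

function Set-IEZoneScriptingDisabled {
    # Set both actions to Disable (3) in both zones; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($z in $Zones.Keys) {
        $key = Join-Path $ZoneRoot $z
        foreach ($a in $Actions.Keys) {
            if ($PSCmdlet.ShouldProcess("zone $z action $a", 'Set to Disable (3)')) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                Set-ItemProperty -Path $key -Name $a -Value $Disable -Type DWord
            }
        }
    }
}

Set-IEZoneScriptingDisabled -WhatIf   # dry run; remove -WhatIf to apply
Get-IEZoneScriptingPolicy | Format-Table -AutoSize
```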


MS12-024
Vulnerability in Windows Could Allow Remote Code Execution (2653956)
Microsoft Rating: Critical
CVE: CVE-2012-0151

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Windows. The patch fixes how the validation routine of the Windows Authentication Signature Verification mechanism checks the digest of certain PE files. An attacker that successfully exploited this vulnerability would be able to make a malicious PE file appear to be legitimate. This could be used to more easily convince users to trust and execute malicious PE files.

Recommendations
Install the patch immediately to prevent exploitation by attackers, since no mitigation is available.


MS12-025
Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
Microsoft Rating: Critical
CVE: CVE-2012-0163

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in the .NET Framework. The patch fixes how the .NET Framework validates parameters that are passed to a function. An attacker that successfully exploited this vulnerability would gain access to the target machine under the context of the exploited .NET Framework application, such as user context for web browsers that run a malicious XAML application.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block XAML browser applications from running in Internet Explorer.


MS12-026
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
Microsoft Rating: Important
CVE: CVE-2012-0146 and CVE-2012-0147

Analysis
This bulletin addresses two privately reported information disclosure vulnerabilities in Forefront Unified Access Gateway (UAG). The patch fixes a blind HTTP redirect vulnerability that would allow an attacker to spoof a UAG interface, which could be used to harvest usernames and passwords from unsuspecting users who believed they were logging into a genuine UAG interface. The patch also fixes an information disclosure vulnerability in default UAG websites that would allow an attacker to access data on the site from an external location.

Recommendations
Deploy patches as soon as possible; no mitigation is available.


MS12-027
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
Microsoft Rating: Critical
CVE: CVE-2012-0158

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Windows Common Controls. Limited attacks that exploit this vulnerability have been reported. The patch fixes MSCOMCTL.OCX, which can corrupt system state when used in Internet Explorer under certain circumstances. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, use the registry to set killbits for the vulnerable controls. Additionally, do not open any Microsoft Office or Rich Text Format documents that come from untrusted sources.
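Setting a kill bit, as recommended above, means setting the 0x400 flag (COMPAT_EVIL_DONT_LOAD) in the 'Compatibility Flags' DWORD under the ActiveX Compatibility key for the control's CLSID, after which Internet Explorer refuses to instantiate it. The PowerShell below is an added example, not part of the eEye advisory or a Microsoft tool: it audits and sets that flag for a list of CLSIDs. The CLSID list is a labelled placeholder, since the bulletin summary does not list the MSCOMCTL.OCX CLSIDs; take them from the MS12-027 bulletin before use.

```powershell
# Added example, not part of the eEye advisory. Audits and sets the IE ActiveX
# kill bit (0x400) for a list of CLSIDs. Requires an elevated prompt (HKLM).
# On 64-bit Windows, 32-bit IE reads the same path under SOFTWARE\Wow6432Node;
# audit both hives. The CLSID below is a PLACEHOLDER, not a real control.
$KillBit   = 0x400
$CompatKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$PlaceholderClsids = @('{00000000-0000-0000-0000-000000000000}')  # placeholder only

function Get-KillBitStatus {
    # Return the current Compatibility Flags and whether the kill bit is set.
    param([Parameter(Mandatory)][string[]]$Clsid)
    foreach ($id in $Clsid) {
        $key   = Join-Path $CompatKey $id
        $flags = 0
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -ne $v) { $flags = [int]$v }
        }
        [pscustomobject]@{
            Clsid   = $id
            Flags   = ('0x{0:X}' -f $flags)
            KillBit = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    # OR the kill bit into the existing flags so other compatibility flags
    # already present on the key are preserved; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Clsid)
    foreach ($id in $Clsid) {
        $key = Join-Path $CompatKey $id
        if ($PSCmdlet.ShouldProcess($id, 'Set ActiveX kill bit')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            $current = 0
            $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -ne $v) { $current = [int]$v }
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
        }
    }
}

Set-KillBit -Clsid $PlaceholderClsids -WhatIf   # dry run; remove -WhatIf to apply
Get-KillBitStatus -Clsid $PlaceholderClsids | Format-Table -AutoSize
```

Keep the pre-change audit output: once the MS12-027 update is installed, the kill bit is normally left in place, but the record shows what was changed and on which hosts.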


MS12-028
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
Microsoft Rating: Important
CVE: CVE-2012-0177

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Office. The patch fixes a heap overflow vulnerability that occurs when parsing specially crafted .WPS files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendations
Deploy patches as soon as possible. Until the patch can be applied, do not open Works files (.WPS extension) that come from untrusted sources.

 
 
                 
Feedback
The eEye staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to products@eeye.com.

Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of eEye. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email products@eeye.com for permission.
     
                 
 

© 1998 – 2012 eEye Digital Security. All rights reserved.