eEye Digital Security
Microsoft Patch Summary
August 14, 2012


Overview 
This month, Microsoft released 9 patches that repair a total of 26 unique CVEs. Of these vulnerabilities, there were 24 remote code execution vulnerabilities, 1 elevation of privilege vulnerability, and 1 denial of service vulnerability.


Patch Precedence 
Administrators are advised to patch MS12-058 and MS12-060 immediately, since they are the most severe of the critical bulletins.
Next, administrators should patch MS12-052, MS12-053, and MS12-054 immediately after the first two bulletins, to prevent exploitation by attackers. Finally, administrators should patch MS12-055, MS12-056, MS12-057, and MS12-059 as soon as possible.
 
As always, BeyondTrust suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the BeyondTrust Security Research Team.
         
     
Web Event:
Vulnerability Expert Forum (VEF)
 
Presenters:
The BeyondTrust Research Team
 
Date/Time: 
Wednesday, August 15th 
1pm PT / 4pm ET / 9pm GMT
 
   
             
                 
Bulletin/Advisory Details

MS12-052
Cumulative Security Update for Internet Explorer (2722913)
Microsoft Rating: Critical
CVE: CVE-2012-1526, CVE-2012-2521, CVE-2012-2522, and CVE-2012-2523

Analysis
This bulletin addresses 4 privately reported remote code execution vulnerabilities in Internet Explorer. The patch fixes memory corruption vulnerabilities that occur when Internet Explorer attempts to access an object that has not been initialized or has already been deleted, or accesses a corrupted virtual function table. An attacker that successfully exploited these vulnerabilities would gain user level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.


MS12-053
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
Microsoft Rating: Critical
CVE List: CVE-2012-2526

Analysis 
This bulletin addresses a privately reported remote code execution vulnerability in Windows XP SP3. The patch fixes a use-after-free vulnerability that occurs when the Remote Desktop Protocol accesses an object in memory that has already been deleted. An attacker that successfully exploited this vulnerability would gain System level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block TCP port 3389 at the perimeter firewall. Additionally, disable Remote Desktop if the service is no longer used.


MS12-054
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
Microsoft Rating: Critical
CVE: CVE-2012-1850, CVE-2012-1851, CVE-2012-1852, and CVE-2012-1853

Analysis
This bulletin addresses 4 privately reported vulnerabilities composed of 1 denial of service vulnerability and 3 remote code execution vulnerabilities in Windows XP through 7, and Windows Server 2003 through 2008 R2. The patch fixes multiple memory corruption vulnerabilities that occur when Windows networking components mishandle specially crafted requests and responses. An attacker that successfully exploited these vulnerabilities would gain System level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, disable the Print Spooler service if printing is not used.


MS12-055
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
Microsoft Rating: Important
CVE List: CVE-2012-2527

Analysis
This bulletin addresses a privately reported elevation of privilege vulnerability in Windows XP through 7, and Windows Server 2003 through 2008 R2. The patch fixes a memory vulnerability that occurs when the Windows kernel-mode driver mishandles objects in memory. A local attacker that successfully exploited this vulnerability would gain kernel level access to the target machine.

Recommendations
Deploy patches as soon as possible; no mitigation is available.


MS12-056
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)
Microsoft Rating: Important
CVE: CVE-2012-2523

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in 64-bit versions of Windows XP, Server 2003, Vista, 7 and Server 2008. The patch fixes a memory corruption vulnerability that occurs when the JScript engine miscalculates the size of an object in memory that is later used in a copy operation. An attacker that successfully exploited this vulnerability would gain user level access to the target machine. 

Recommendations
Deploy patches as soon as possible. Until the patch can be installed, configure Internet Explorer to run in 32-bit mode, or block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.


MS12-057
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
Microsoft Rating: Important
CVE List: CVE-2012-2524

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Office 2007 and 2010. The patch fixes a memory corruption vulnerability that occurs when Office mishandles specially crafted CGM files. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.

Recommendations
Deploy patches as soon as possible. Until the patch can be installed, do not open Office files that contain CGM files, or embed CGM files that came from untrusted sources.


MS12-058
Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
Microsoft Rating: Critical
CVE List: CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, and CVE-2012-3110

Analysis
This bulletin addresses multiple publicly reported remote code execution vulnerabilities in Exchange 2007 and 2010. The patch fixes parsing vulnerabilities that occur when certain Oracle Outside In libraries are used to preview a document in the browser. An attacker that successfully exploited this vulnerability would gain LocalService level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, disable WebReady document view.


MS12-059
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918)
Microsoft Rating: Important
CVE List: CVE-2012-1888
 
Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Visio. The patch fixes a memory corruption vulnerability that occurs when Visio mishandles memory when parsing specially crafted Visio files. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.

Recommendations
Deploy patches as soon as possible. Until the patch can be installed, do not open Visio files that come from untrusted sources.


MS12-060
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
Microsoft Rating: Critical
CVE List: CVE-2012-1856

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Windows common controls, which are found in Office 2003 through 2010, SQL Server 2000 Analysis Services, SQL Server 2000 (except Itanium versions), SQL Server 2005 (excluding Express Edition except for Express Edition with Advanced Services), SQL Server 2008 and 2008 R2, Commerce Server 2002, 2007, 2009 and 2009 R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 and 9.0, and the Visual Basic 6.0 Runtime. The patch fixes a system state corruption vulnerability that occurs when a certain ActiveX control is used. An attacker that successfully exploited this vulnerability would gain user level access to the target machine. Note: reports indicate that this vulnerability has been exploited in the wild.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, set a kill bit, 1EFB6596-857C-11D1-B16A-00C0F0283628, to stop Internet Explorer from running the vulnerable ActiveX control, prevent ActiveX controls from running in Office 2007 and 2010, block Office 2003 and earlier files, or block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones within Internet Explorer.
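
The kill-bit workaround above, as an added example that is not part of the original advisory: a PowerShell sketch that reports and then sets the kill bit for the CLSID quoted in the recommendation. It assumes the standard Internet Explorer kill-bit mechanism (a "Compatibility Flags" DWORD with bit 0x00000400 under the ActiveX Compatibility key) and an elevated 64-bit PowerShell prompt; Set-ActiveXKillBit is a hypothetical helper name.

```powershell
# Added example: set and verify the IE kill bit for the CLSID in the MS12-060 recommendation.
# Run from an elevated 64-bit PowerShell prompt. Set-ActiveXKillBit is a hypothetical helper name.
$Clsid    = '{1EFB6596-857C-11D1-B16A-00C0F0283628}'  # CLSID quoted in the advisory
$KillBit  = 0x00000400                                # flag bit that stops IE from instantiating the control
$FlagName = 'Compatibility Flags'

# Native registry view, plus the 32-bit view when it exists (64-bit Windows).
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-ActiveXKillBit {
    param([string]$Clsid, [switch]$AuditOnly)
    foreach ($root in $Roots) {
        $key = Join-Path $root $Clsid
        $current = 0
        if (Test-Path -Path $key) {
            # Read any flags already present; a missing value leaves $current at 0.
            $prop = Get-ItemProperty -Path $key -Name $FlagName -ErrorAction SilentlyContinue
            if ($prop) { $current = [int]$prop.$FlagName }
        }
        if (-not $AuditOnly -and -not ($current -band $KillBit)) {
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            # Preserve existing flags and add the kill bit.
            $current = $current -bor $KillBit
            New-ItemProperty -Path $key -Name $FlagName -Value $current -PropertyType DWord -Force | Out-Null
        }
        # One result object per registry view, so the state can be logged or compared across hosts.
        New-Object PSObject -Property @{
            Key        = $key
            Flags      = ('0x{0:X8}' -f $current)
            KillBitSet = [bool]($current -band $KillBit)
        }
    }
}

Set-ActiveXKillBit -Clsid $Clsid -AuditOnly | Format-List   # report current state only
Set-ActiveXKillBit -Clsid $Clsid | Format-List              # set the kill bit, then report
```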
 
 
                 
Feedback
The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.
     
                 
 

© 1998 – 2012 eEye Digital Security. All rights reserved.