Overview 
This month, Microsoft released 9 patches that repair a total of 16 vulnerabilities. Of these vulnerabilities, there were 6 remote code execution vulnerabilities, 6 elevation of privilege vulnerabilities, and 4 information disclosure vulnerabilities.

As always, BeyondTrust suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the BeyondTrust Security Research Team. Register Now >>

Web Event:

Vulnerability Expert Forum (VEF)

 

Presenters:

The BeyondTrust Research Team

 

Date/Time: 

Wednesday, July 11th 

1pm PT / 4pm ET / 9pm GMT
 

Register for Webinar >>

MS12-043
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
Microsoft Rating: Critical
CVE: CVE-2012-1889

Analysis
This bulletin addresses a publicly disclosed remote code execution vulnerability in Microsoft XML Core Services. The patch fixes a memory corruption vulnerability that occurs when MSXML tries to access an in-memory object that has not been properly initialized. An attacker that successfully exploited this vulnerability could execute code on the target machine with user level rights. Note: public exploit code has been released that reliably exploits this vulnerability. Additionally, popular exploit toolkits have added exploits for this vulnerability to their collections.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, install the Microsoft Fix it solution (support.microsoft.com/kb/2722479), which will mitigate the attack vector for MSXML 5.0. Additionally, block/disable Active Scripting in both Internet and Local intranet zones, and set a killbit on the vulnerable MSXML 5.0 GUID (88d969e5-f192-11d4-a65f-0040963251e5) in the registry.


MS12-044
Cumulative Security Update for Internet Explorer (2719177)
Microsoft Rating: Critical
CVE List: CVE-2012-1522 and CVE-2012-1524

Analysis
This bulletin addresses 2 privately reported vulnerabilities, both of which are remote code execution vulnerabilities in Internet Explorer. The patch fixes 2 use-after-free vulnerabilities that occur when Internet Explorer tries to use in-memory objects that have been deleted. An attacker that successfully exploited this vulnerability could execute code on the target machine with user level rights.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.


MS12-045
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
Microsoft Rating: Critical
CVE: CVE-2012-1891

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Data Access Components (MDAC). The patch fixes an uninitialized variable usage vulnerability that occurs when processing XML code. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.

Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.


MS12-046
Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
Microsoft Rating: Important
CVE List: CVE-2012-1854

Analysis
This bulletin addresses a publicly disclosed remote code execution vulnerability in Visual Basic for Applications. The patch fixes an insecure library loading vulnerability. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.

Recommendations


MS12-047
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
Microsoft Rating: Important
CVE: CVE-2012-1890 and CVE-2012-1893

Analysis
This bulletin addresses a publicly disclosed and a privately reported vulnerability, both of which are elevation of privilege vulnerabilities in Windows Kernel-Mode Drivers. The patch fixes how win32k.sys loads keyboard layout files and also fixes how the kernel validates parameters that are used in the creation of a hook procedure. A local attacker that successfully exploited this vulnerability would be able to elevate their privileges to system level.

Recommendations
Deploy patches as soon as possible; no mitigation is available.


MS12-048
Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
Microsoft Rating: Important
CVE List: CVE-2012-0175

Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Windows Shell. The patch fixes how the shell handles specially crafted filenames and directories. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.

Recommendations
Deploy patches as soon as possible; no mitigation is available.


MS12-049
Vulnerability in TLS Could Allow Information Disclosure (2655992)
Microsoft Rating: Important
CVE List: CVE-2012-1870

Analysis
This bulletin addresses a publicly disclosed information disclosure vulnerability in Transport Layer Security (TLS). The patch fixes a design flaw in the TLS protocol, specifically when the Cipher-block chaining operating mode is used. An attacker that successfully exploited this vulnerability would be able to decrypt encrypted traffic that has been intercepted by the attacker.

Recommendations
Deploy patches as soon as possible; no mitigation is available for Windows XP or Server 2003 systems. Until the patch can be installed, increase the priority of the RC4 algorithm on any server software running on Vista, Server 2008, 7, or Server 2008 R2.


MS12-050
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
Microsoft Rating: Important
CVE List: CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862 and CVE-2012-1863

Analysis
This bulletin addresses 1 publicly disclosed and 5 privately reported elevation of privilege vulnerabilities in SharePoint. The patch fixes multiple cross-site scripting vulnerabilities, information disclosure vulnerabilities, and elevation of privilege vulnerabilities. An attacker that successfully exploited the elevation of privilege vulnerabilities would gain the ability to execute actions on behalf of the user currently signed onto the SharePoint server.

Recommendations
Deploy patches as soon as possible; no mitigation is available.


MS12-051
Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
Microsoft Rating: Important
CVE List: CVE-2012-1894

Analysis
This bulletin addresses a publicly disclosed elevation of privilege vulnerability in Microsoft Office for Mac 2011. The patch fixes an issue with the directory permissions of certain Microsoft Office folders, which do not properly restrict write access. A local attacker that successfully exploited this vulnerability would gain the same permissions as any user that launched Office for Mac on the target machine.

Recommendations
Deploy patches as soon as possible. Until the patch can be installed, use chmod to restrict others from writing to the affected folders.