MS12-036
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
Microsoft Rating: Critical
CVE: CVE-2012-0173
Analysis
This bulletin addresses 1 privately reported remote code execution vulnerability in Microsoft Remote Desktop Protocol. The patch fixes how Windows handles a maliciously crafted sequence of packets, which could cause a user-after-free condition to occur. A remote attacker that successfully exploited this vulnerability would gain system level access to the target machine.
Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block port 3389 at the perimeter firewall. Additionally, disable Terminal Services, Remote Desktop, Remote Assistance, and Remote Web Workplace if these services are no longer used.
MS12-037
Cumulative Security Update for Internet Explorer (2699988)
Microsoft Rating: Critical
CVE List: CVE-2012-1523, CVE-2012-1858, CVE-2012-1872, CVE-2012-1873, CVE-2012-1874, CVE-2012-1875, CVE-2012-1876, CVE-2012-1877, CVE-2012-1878, CVE-2012-1879, CVE-2012-1880, CVE-2012-1881, and CVE-2012-1882
Analysis
This bulletin addresses 1 publicly disclosed vulnerability and 12 privately reported vulnerabilities, composing 9 remote code execution vulnerabilities and 4 information disclosure vulnerabilities in Internet Explorer. The patch fixes memory corruptions, cross-site scripting vulnerabilities, a character handling mechanism, a cross-domain access vulnerability, and an issue that allows reading from Internet Explorer's process memory. An attacker that successfully exploited one of the remote code execution vulnerabilities would gain user level access to the target machine.
Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.
MS12-038
Vulnerability in .Net Framework Could Allow Remote Code Execution (2706726)
Microsoft Rating: Critical
CVE: CVE-2012-1855
Analysis
This bulletin addresses 1 privately reported remote code execution vulnerability in the .NET Framework. The patch fixes the way a certain function pointer is executed. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.
Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block XAML browser applications from running in Internet Explorer.
MS12-039
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
Microsoft Rating: Important
CVE List: CVE-2011-3402, CVE-2012-0159, CVE-2012-1849, and CVE-2012-1858
Analysis
This bulletin addresses 1 publicly reported vulnerability and 3 privately reported vulnerabilities, composing 3 remote code execution vulnerabilities and 1 information disclosure vulnerability in Microsoft Lync. The patch fixes 2 vulnerabilities related to TrueType font parsing, 1 insecure library loading vulnerability, and 1 cross-site scripting vulnerability. An attacker that successfully exploited any of the remote code execution vulnerabilities would gain user level access to the target machine.
Recommendations
Deploy patches as soon as possible; no mitigation is available for CVE-2011-3402, CVE-2012-0159, and CVE-2012-1858. Until the patch can be installed, CVE-2012-1849 can be mitigated by blocking ports 139 and 445 at the perimeter firewall, preventing the WebClient service from running, and preventing DLLs from being loaded from WebDAV and remote shares.
MS12-040
Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
Microsoft Rating: Important
CVE: CVE-2012-1857
Analysis
This bulletin addresses 1 privately reported cross-site scripting vulnerability in Dynamics AX Enterprise Portal. The patch fixes an issue that would allow JavaScript to be run in the user's browser if the user had browsed to a malicious URL. This could lead to either information disclosure or elevation of the attacker's privileges. If the attacker successfully exploited this vulnerability, they would gain the ability to execute JavaScript with the target user's rights.
Recommendations
Deploy patches as soon as possible. Until the patch can be installed, enable the XSS filter in Internet Explorer (available in IE 8 and newer).
MS12-041
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilge (2709162)
Microsoft Rating: Important
CVE List: CVE-2012-1864, CVE-2012-1865, CVE-2012-1866, CVE-2012-1867, and CVE-2012-1868
Analysis
This bulletin addresses 5 privately reported elevation of privilege vulnerabilities in Windows Kernel-Mode drivers. The patch fixes elevation of privilege vulnerabilities that occur when loading TrueType fonts and when handling input from user mode. A local attacker that successfully exploited this vulnerability would gain kernel level access to the target machine.
Recommendations
Deploy patches at the earliest convenience; no mitigation is available.
MS12-042
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
Microsoft Rating: Important
CVE List: CVE-2012-0217 and CVE-2012-1515
Analysis
This bulletin addresses 1 privately reported vulnerability and 1 publicly reported vulnerability, both of which are elevation of privilege vulnerabilities in the Windows Kernel. The patch fixes how the User Mode Scheduler handles a certain system request. It also fixes a part of the Windows Kernel that directly relates to Derek Soeder's VMware Backdoor ROM Overwrite vulnerability. A local attacker that successfully exploited either of these vulnerabilities would gain kernel level access to the target machine.
Recommendations
Deploy patches as soon as possible; no mitigation is available.