MS12-029
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
Microsoft Rating: Critical
CVE: CVE-2012-0183
Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Word. The patch fixes a memory corruption vulnerability that occurs when Word parses certain RTF files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.
Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text and use the Microsoft Office File Block Policy to block RTF documents that originate from potentially unsafe sources.
MS12-030
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
Microsoft Rating: Critical
CVE List: CVE-2012-0141, CVE-2012-0142, CVE-2012-0143, CVE-2012-0184, CVE-2012-0185, and CVE-2012-1847
Analysis
This bulletin addresses multiple remote code execution vulnerabilities in Microsoft Excel: 1 was publicly reported (CVE-2012-0143) and 5 were privately reported. The patch fixes multiple memory corruption vulnerabilities, a heap overflow vulnerability, and a parsing type mismatch, all of which occur when Excel parses a file. An attacker who successfully exploited any of these vulnerabilities would gain user-level access to the target machine.
Recommendations
Deploy patches as soon as possible. Until the patch can be applied, do not open files that are not from trusted sources. If files from untrusted sources must be opened, open them in the Microsoft Office Isolated Conversion Environment (MOICE). Additionally, block Excel 2003, 2007, and 2010 files if they fail validation.
MS12-031
Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
Microsoft Rating: Critical
CVE: CVE-2012-0018
Analysis
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Visio Viewer 2010. The patch fixes a memory corruption vulnerability that occurs when opening VSD files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.
Recommendations
Deploy patches as soon as possible. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.
MS12-032
Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
Microsoft Rating: Critical
CVE List: CVE-2012-0174 and CVE-2012-0179
Analysis
This bulletin addresses a publicly reported elevation of privilege vulnerability and a privately reported firewall bypass vulnerability in the Windows TCP/IP implementation. The patch fixes a vulnerability that allows attackers to bypass outbound firewall rules in the Windows Firewall. Additionally, the patch fixes a vulnerability in how IPv6 addresses are bound to a local interface. An attacker who successfully exploited the binding vulnerability would gain system-level access to the target machine.
Recommendations
Deploy patches as soon as possible; no mitigation is available.
MS12-033
Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
Microsoft Rating: Critical
CVE: CVE-2012-0178
Analysis
This bulletin addresses a privately reported elevation of privilege vulnerability in the Windows Partition Manager. The patch fixes how the Partition Manager handles device relations requests; the flawed handling produces a vulnerable condition when two or more processes and/or threads call certain Plug and Play Configuration Manager functions simultaneously. A local attacker who successfully exploited this vulnerability would gain kernel-level access to the target machine.
Recommendations
Deploy patches as soon as possible; no mitigation is available.
MS12-034
Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
Microsoft Rating: Critical
CVE List: CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0164, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176, CVE-2012-0180, CVE-2012-0181, and CVE-2012-1848
Analysis
This bulletin addresses 3 publicly reported vulnerabilities (CVE-2012-0181, CVE-2012-0164, and CVE-2011-3402) and 7 privately reported vulnerabilities. Together they comprise 6 remote code execution vulnerabilities, 3 elevation of privilege vulnerabilities, and 1 denial-of-service vulnerability. The patch fixes vulnerabilities in TrueType, the .NET Framework, GDI+, Silverlight, Windows and Messages handling, keyboard layout files, and scrollbar calculations. An attacker who successfully exploited the most severe of these vulnerabilities would gain the ability to execute code remotely in the kernel's context.
Recommendations
Install the patch immediately to prevent exploitation by attackers, since no mitigation exists for CVE-2011-3402, CVE-2012-0164, CVE-2012-0180, CVE-2012-0181, or CVE-2012-1848. Until the patch can be installed, prevent access to t2embed.dll, block XAML browser applications from running in Internet Explorer, and prevent metafile processing. Additionally, prevent the Silverlight ActiveX control from running in Internet Explorer, and prevent Silverlight from running in Firefox and Chrome.
MS12-035
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
Microsoft Rating: Critical
CVE List: CVE-2012-0160 and CVE-2012-0161
Analysis
This bulletin addresses two privately reported remote code execution vulnerabilities in the .NET Framework. The patch fixes the serialization process within the .NET Framework, which incorrectly treats certain untrusted data as trusted data. The patch also fixes the way the .NET Framework handles an exception while serializing objects. An attacker who successfully exploited these vulnerabilities would be able to execute code in the context of the compromised .NET application.
Recommendations
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block partially trusted .NET applications and block XAML browser applications from running in Internet Explorer.