Microsoft Patch Tuesday – March 2012

Hello, welcome to this month’s blog on the Microsoft patch release. This is a smaller month—the vendor is releasing six bulletins covering a total of seven vulnerabilities.

Only one of this month's issues is rated ‘Critical’ and it affects the Remote Desktop Protocol. The remaining issues affect the Windows kernel, DNS Server, Expression, Visual Studio, and Windows.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

The following is a breakdown of the issues being addressed this month:

  1. MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

    CVE-2012-0002 (BID 52353) Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 8.2/10)

    A remote code execution vulnerability affects the Remote Desktop Protocol (RDP) due to a memory issue. An attacker can exploit this issue by sending a series of specially crafted packets to an affected service. Successful exploits will result in the complete compromise of affected computers.

    CVE-2012-0152 (BID 52354) Microsoft Remote Desktop Protocol Service CVE-2012-0152 Denial of Service Vulnerability (MS Rating: Important; Symantec Urgency Rating: 5.7/10)

    A remote denial-of-service vulnerability affects the Remote Desktop Protocol (RDP) due to the way it handles certain packets. An attacker can exploit this issue by sending a series of specially crafted packets to an affected service. Successful exploits will cause the service to stop responding, effectively denying service.

  2. MS12-022 Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

    CVE-2012-0016 (BID 52375) Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating: 8.5/10)

    A remote code-execution vulnerability affects Expression Design due to the way it loads DLL files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a file associated with the application from a remote WebDAV or SMB share. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  3. MS12-017 Vulnerability in DNS Server Could Allow Denial of Service (2647170)

    CVE-2012-0006 (BID 52374) Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)

    A denial-of-service vulnerability affects the DNS service due to how it looks up a resource record of a domain. An attacker can exploit this issue by sending a specially crafted DNS query to an affected server. Successful exploits will cause the affected server to stop responding, effectively denying service.

  4. MS12-021 Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)

    CVE-2012-0008 (BID 52329) Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    A local privilege-escalation vulnerability affects Visual Studio due to how it loads certain add-ins. An attacker can exploit this issue by placing a specially crafted add-in in the path of Visual Studio. When the application is run by another user, the attacker-supplied add-in will run with the privileges of the victim.

  5. MS12-019 Vulnerability in DirectWrite Could Allow Denial of Service (2665364)

    CVE-2012-0156 (BID 52332) Microsoft Windows 'DirectWrite' API Denial of Service Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 7.1/10)

    A denial-of-service vulnerability affects DirectWrite when it renders a sequence of specially crafted Unicode characters. An attacker can exploit this issue by hosting specially crafted Unicode content on a webpage or sending it through an instant message. Successful exploits will cause the targeted application to stop responding, effectively denying service.

  6. MS12-018 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)

    CVE-2012-0157 (BID 52317) Microsoft Windows Kernel 'Win32k.sys' (CVE-2012-0157) Local Privilege Escalation Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    A local privilege-escalation vulnerability affects the Windows kernel due to how it handles the PostMessage function. A local attacker can exploit this issue by running a specially crafted program. Successful exploits will result in the attacker-supplied code running with kernel-level privileges. This may facilitate a complete system compromise.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.