Hello, welcome to this month’s blog on the Microsoft patch release. This is an average month—the vendor is releasing six bulletins covering a total of 11 vulnerabilities.
Seven of this month's issues are rated ‘Critical’ and they affect Internet Explorer, .NET, and Windows. The remaining issues affect Internet Explorer, Windows, Forefront Unified Access Gateway, and Office.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-apr
The following is a breakdown of the issues being addressed this month:
-
MS12-023 Cumulative Security Update for Internet Explorer (2675157)
CVE-2012-0168 (BID 52889) Microsoft Internet Explorer CVE-2012-0168 Print Feature Remote Code Execution Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when attempting to print a specially crafted HTML page. An attacker can exploit this issue by tricking an unsuspecting victim into printing a specially crafted webpage. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2012-0169 (BID 52902) Microsoft Internet Explorer CVE-2012-0169 JScript9 Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it attempts to access an object that has not been properly deleted. An attacker can exploit this issue by tricking an unsuspecting victim into printing a specially crafted webpage. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2012-0170 (BID 52904) Microsoft Internet Explorer CVE-2012-0170 OnReadyStateChange Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it attempts to access an object that has not been properly deleted. An attacker can exploit this issue by tricking an unsuspecting victim into printing a specially crafted webpage. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2012-0171 (BID 52905) Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it attempts to access an object that has not been properly deleted. An attacker can exploit this issue by tricking an unsuspecting victim into printing a specially crafted webpage. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2012-0172 (BID 52906) Microsoft Internet Explorer CVE-2012-0172 VML Style Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it attempts to access an object that has not been properly deleted. An attacker can exploit this issue by tricking an unsuspecting victim into printing a specially crafted webpage. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
-
MS12-025 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2671605)
CVE-2012-0163 (BID 52921) Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects .NET due to improper parameter validation. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted web page. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
-
MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956)
CVE-2012-0151 (BID 52868) Microsoft Windows Authenticode Signature Verification Function Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects the Windows Authenticode Signature Verification function because of a failure to detect modifications to signed Portable Executable (PE) files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially modified PE file. Successful exploits would result in the execution of arbitrary attacker-supplied code in the context of the user opening the file.
-
MS12-027 Vulnerability in MSCOMCTL.OCX Could Allow Remote Code Execution (2664258)
CVE-2012-0158 (BID 52911) Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 8.5/10)
A remote code-execution vulnerability affects the MSCOMCTL.OCX ActiveX control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted web page. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
-
MS12-026 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
CVE-2012-0146 (BID 52903) Microsoft Forefront Unified Access Gateway URI Open Redirection Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 6.4/10)
An HTTP redirect vulnerability affects Forefront Unified Access Gateway (UAG) when handling specially crafted URIs. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URI. Successful exploits may aid in spoofing attacks as the victim is redirected to an attacker-controlled site
CVE-2012-0147 (BID 52909) Microsoft Forefront Unified Access Gateway Information Disclosure Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.7/10)
An information-disclosure vulnerability affects Microsoft Unified Access Gateway (UAG). The problem occurs because the application improperly allows external traffic to the default website. A remote attacker can exploit this issue to retrieve potentially sensitive information from the application website.
-
MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)
CVE-2012-0177 (BID 52867) Microsoft Office Works File Converter (CVE-2012-0177) Heap Based Buffer Overflow Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)
A remote code-execution vulnerability affects Office Works File Converter when handling specially crafted ‘.wps’ files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user opening the file.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.