Microsoft Patch Tuesday – November 2012

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 19 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Nov

The following is a breakdown of the issues being addressed this month:

  1. MS12-075 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

    Microsoft Windows Kernel Win32k Use After Free Vulnerability (CVE-2012-2530) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Microsoft Windows Kernel Win32k Use After Free Vulnerability (CVE-2012-2553) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Microsoft Windows Kernel Win32k Font Parsing Remote Code Execution Vulnerability (CVE-2012-2897) MS Rating: Critical

    A remote code execution vulnerability exists when Windows font parsing improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  2. MS12-074 Vulnerabilities in .NET Framework Could Allow Remote Code Execution

    Microsoft .NET Framework Reflection Bypass Vulnerability (CVE-2012-1895) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework validates the permissions of certain objects performing reflection. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Microsoft .NET Framework Code Access Security Info Disclosure Vulnerability (CVE-2012-1896) MS Rating: Important

    An information disclosure vulnerability exists in the Microsoft .NET Framework due to the improper sanitization of output when a function is called from partially trusted code.

    Microsoft .NET Framework Insecure Library Loading Vulnerability (CVE-2012-2519) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Microsoft .NET Framework handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Microsoft .NET Framework Web Proxy Auto-Discovery Vulnerability (CVE-2012-4776) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the .Net Framework retrieves the default web proxy settings. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Microsoft .NET Framework WPF Reflection Optimization Vulnerability (CVE-2012-4777) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .Net Framework validates permissions for objects involved with reflection. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  3. MS12-073 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure

    Microsoft IIS Password Information Disclosure Vulnerability (CVE-2012-2531) MS Rating: Moderate

    An information disclosure vulnerability exists when Microsoft Internet Information Services (IIS) fails to properly protect log files.

    Microsoft IIS FTP Service Remote Command Injection Vulnerability (CVE-2012-2532) MS Rating: Moderate

    An information disclosure vulnerability exists in the way that Microsoft Internet Information Services (IIS) FTP Service negotiates encrypted communications channels.

  4. MS12-071 Cumulative Security Update for Internet Explorer

    Microsoft Internet Explorer CFormElement Use-After-Free Vulnerability (CVE-2012-1538) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Internet Explorer CTreePos Use-After-Free Vulnerability (CVE-2012-1539) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Internet Explorer CTreeNode Use-After-Free Vulnerability (CVE-2012-4775) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  5. MS12-076 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

    Microsoft Excel 'SerAuxErrBar' Heap Overflow Remote Code Execution Vulnerability (CVE-2012-1885) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Microsoft Excel Memory Corruption Remote Code Execution Vulnerability (CVE-2012-1886) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Microsoft Excel SST Invalid Length Use After Free Remote Code Execution Vulnerability (CVE-2012-1887) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Microsoft Excel Stack Overflow Remote Code Execution (CVE-2012-2543) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  6. MS12-072 Vulnerabilities in Windows Shell Could Allow Remote Code Execution

    Microsoft Windows Briefcase Integer Underflow Remote Code Execution Vulnerability (CVE-2012-1528) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Briefcase. An attacker could exploit the vulnerability by convincing a user to open a specially crafted Windows Briefcase.

    Microsoft Windows Briefcase Integer Underflow Remote Code Execution Vulnerability (CVE-2012-1527) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Briefcase. An attacker could exploit the vulnerability by convincing a user to open a specially crafted Windows Briefcase.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.