Microsoft Patch Tuesday – February 2012

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing 9 bulletins covering a total of 21 vulnerabilities.

Six of this month's issues are rated ‘Critical’ and they affect Internet Explorer, .NET, Windows, and GDI. The remaining issues affect Internet Explorer, Windows, Visio, and SharePoint.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the February releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-feb

The following is a breakdown of some of the issues being addressed this month:

  1. MS12-010 Cumulative Security Update for Internet Explorer (2647516)

    CVE-2012-0010 (BID 51931) Microsoft Internet Explorer Copy&Paste Operation Cross Domain Information Disclosure Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 6.7/10)

    A cross-domain information-disclosure vulnerability affects Internet Explorer during a copy and paste operation. An attacker can exploit this issue by tricking an unsuspecting victim into copying content from an attacker controlled page onto a target page. Information obtained may aid in further attacks.

    Affects: Internet Explorer 6, 7, 8, and 9

    CVE-2012-0011 (BID 51933) Microsoft Internet Explorer CVE-2012-0011 Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

    Affects: Internet Explorer 7, 8, and 9

    CVE-2012-0012 (BID 51932) Microsoft Internet Explorer Null Byte Handling Information Disclosure Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.7/10)

    An information-disclosure vulnerability affects Internet Explorer because it does not adequately protect process memory. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. Information obtained may aid in further attacks.

    Affects: Internet Explorer 9

    CVE-2012-0155 (BID 51935) Microsoft Internet Explorer Null Byte Handling Information Disclosure Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

    Affects: Internet Explorer 9

  2. MS12-016 Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)

    CVE-2012-0014 (BID 51938) Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.5/10)

    A remote code-execution vulnerability affects Microsoft .NET Framework and Silverlight due to a failure to properly handle unmanaged objects. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. An attacker can also exploit this issue by uploading malicious code to a vulnerable server, possibly in a shared hosting environment. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user or the affected service, respectively.

    CVE-2012-0015 (BID 51940) Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.5/10)

    A remote code-execution vulnerability affects Microsoft .NET Framework and Silverlight due to a failure to properly calculate the size of a buffer. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. An attacker can also exploit this issue by uploading malicious code to a vulnerable server, possibly in a shared hosting environment. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user or the affected service, respectively.

  3. MS12-013 Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)

    CVE-2012-0150 (BID 51913) Microsoft Windows 'Msvcrt.dll' Remote Buffer Overflow Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects the msvcrt DLL library file because it fails to properly bounds check user-supplied input. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted media file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  4. MS12-008 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)

    CVE-2011-5046 (BID 51122) Microsoft Windows 'win32k.sys' Remote Memory Corruption Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 9.2/10)

    A previously public (December 19, 2011) remote code-execution vulnerability affects the GDI component of the Windows kernel. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page or opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the kernel. This could facilitate a complete system compromise.

    CVE-2012-0154 (BID 51920) Microsoft Windows Kernel 'Win32k.sys' Keyboard Layout Local Privilege Escalation Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    A local privilege-escalation vulnerability affects the Windows kernel because of how it manages certain keyboard layouts. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This could facilitate a complete system compromise.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal, and to our customers through the DeepSight Threat Management System.