Microsoft Patch Tuesday – June 2012

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing seven bulletins covering a total of 27 vulnerabilities.

Ten of this month's issues are rated 'Critical' affecting Remote Desktop Protocol and Internet Explorer. The remaining issues affect .NET Framework, Office, and Dynamics AX.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft’s summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jun

The following is a breakdown of the issues being addressed this month:

  1. MS12-036 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

    CVE-2012-0173 (BID 53826) Remote Desktop Protocol Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 8.2/10)

    A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system.

  2. MS12-037 Cumulative Security Update for Internet Explorer (2699988)

    CVE-2012-1523 (BID 53841) Center Element Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1872 (BID 53843) EUC-JP Character Encoding Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 6.7/10)

    An information disclosure vulnerability exists in Internet Explorer that could allow script to perform cross-site scripting attacks. An attacker could exploit the vulnerability by inserting specially crafted strings in to a website, resulting in information disclosure when a user views the website.

    CVE-2012-1873 (BID 53844) Null Byte Information Disclosure Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.7/10)

    An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read Internet Explorer's process memory. An attacker could exploit the vulnerability by constructing a specially crafted Web page to allow information disclosure if a user viewed the Web page. An attacker who successfully exploits this vulnerability could view content from Internet Explorer's process memory.

    CVE-2012-1874 (BID 53845) Developer Toolbar Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1875 (BID 53847) Same ID Property Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1876 (BID 53848) Col Element Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that does not exist. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1877 (BID 53866) Title Element Change Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1878 (BID 53867) OnBeforeDeactivate Event Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1879 (BID 53868) insertAdjacentText Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an undefined memory location. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1880 (BID 53869) insertRow Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1881 (BID 53870) OnRowsInserted Event Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CVE-2012-1882 (BID 53871) Scrolling Events Information Disclosure Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 6.7/10)

    An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.

    CVE-2012-1858 (BID 53842) HTML Sanitization Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.7/10)

    An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could inflict cross-site scripting on the user, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API.

  3. MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

    CVE-2012-1855 (BID 53861) .NET Framework Clipboard Unsafe Memory Access Remote Code Execution (MS Rating: Critical; Symantec Urgency Rating: 7.5/10)

    A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper execution of a function pointer. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  4. MS12-040 Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

    CVE-2012-1857 (BID 53863) XSS in Dynamic AX Enterprise Portal Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)

    A cross-site scripting vulnerability exists in the Microsoft Dynamics AX Enterprise Portal that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue Microsoft Dynamics AX Enterprise Portal commands in the context of the authenticated user on the targeted Microsoft Dynamics AX Enterprise Portal site.

  5. MS12-041 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)

    CVE-2012-1864 (BID 53815) String Atom Class Name Handling Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6 /10)

    An elevation of privilege vulnerability exists due to the way that Windows kernel-mode drivers manage kernel-mode driver objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    CVE-2012-1865 (BID 53816) String Atom Class Name Handling Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    An elevation of privilege vulnerability exists due to the way that Windows kernel-mode drivers manage kernel-mode driver objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    CVE-2012-1866 (BID 53817) Clipboard Format Atom Name Handling Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    An elevation of privilege vulnerability exists due to the way that Windows kernel-mode drivers manage kernel-mode driver objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    CVE-2012-1867 (BID 53819) Font Resource Refcount Integer Overflow Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    An elevation of privilege vulnerability exists because the Windows kernel-mode drivers do not properly allocate memory when handling fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    CVE-2012-1868 (BID 53820) Race Condition in Win32k.sys Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    An elevation of privilege vulnerability exists in the Windows kernel due to the way that the kernel deals with specific thread creation attempts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  6. MS12-042 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

    CVE-2012-0217 (BID 53856) User Mode Scheduler Memory Corruption Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    An elevation of privilege vulnerability exists in the way that the Windows User Mode Scheduler handles system requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    CVE-2012-1515 (BID 52820) BIOS ROM Corruption Vulnerability (MS Rating: Important; Symantec Urgency Rating: 5.5/10)

    An elevation of privilege vulnerability exists in the way that Windows handles BIOS memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  7. MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

    CVE-2011-3402 (BID 50462) TrueType Font Parsing Vulnerability (MS Rating: Important; Symantec Urgency Rating: 9.2/10)

    A remote code execution vulnerability exists in the way that affected components handle shared content containing specially crafted TrueType fonts. The vulnerability could allow remote code execution if a user views shared content containing specially crafted TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    CVE-2012-0159 (BID 53335) TrueType Font Parsing Vulnerability (MS Rating: Important; Symantec Urgency Rating: 8.2/10)

    A remote code execution vulnerability exists in the way that affected components handle shared content containing specially crafted TrueType fonts. The vulnerability could allow remote code execution if a user views shared content containing specially crafted TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    CVE-2012-1849 (BID 53831) Lync Insecure Library Loading Vulnerability (MS Rating: Important; Symantec Urgency Rating: 8.5/10)

    A remote code execution vulnerability exists in the way that Microsoft Lync handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    CVE-2012-1858 (BID 53833) HTML Sanitization Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.7/10)

    An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the current user.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.