Hello and welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 16 vulnerabilities. Four of this month's issues are rated 'Critical', affecting Microsoft Data Access Components, Internet Explorer, and XML Core Services.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jul
The following is a breakdown of the issues being addressed this month:
- MS12-043 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
CVE-2012-1889 (BID 53934) MSXML Uninitialized Memory Corruption Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 8.5/10)
A remote code execution vulnerability exists in the way that Microsoft XML Core Services handles objects in memory. The vulnerability could allow remote code execution if a user views a website that contains specially crafted content.
- MS12-044 Cumulative Security Update for Internet Explorer (2719177)
CVE-2012-1522 (BID 54293) Cached Object Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in a way that allows an attacker to execute arbitrary code in the context of the current user.
CVE-2012-1524 (BID 54294) Attribute Remove Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in a way that allows an attacker to execute arbitrary code in the context of the current user.
- MS12-045 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
CVE-2012-1891 (BID 54308) ADO Cachesize Heap Overflow RCE Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)
A remote code execution vulnerability exists in the way that Microsoft Data Access Components accesses an object in memory that has been improperly initialized. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- MS12-046 Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
CVE-2012-1854 (BID 54303) Visual Basic for Applications Insecure Library Loading Vulnerability (MS Rating: Important; Symantec Urgency Rating: 8.5/10)
A remote code execution vulnerability exists in the way that Microsoft Visual Basic for Applications handles the loading of DLL files. An attacker who successfully exploits this vulnerability could take complete control of an affected system.
- MS12-047 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
CVE-2012-1890 (BID 54285) Keyboard Layout Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)
An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver handles specific keyboard layouts. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode.
CVE-2012-1893 (BID 54302) Win32k Incorrect Type Handling Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly validates parameters when creating a hook procedure. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode.
- MS12-048 Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
CVE-2012-0175 (BID 54307) Command Injection Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)
A remote code execution vulnerability exists in the way Windows handles file and directory names. This vulnerability could allow remote code execution if a user opens a file or directory with a specially crafted name.
- MS12-049 Vulnerability in TLS Could Allow Information Disclosure (2655992)
CVE-2012-1870 (BID 54304) TLS Protocol Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)
An information disclosure vulnerability exists in the TLS encryption protocol. This vulnerability affects the protocol itself and is not specific to the Windows operating system. It allows the decryption of encrypted TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector. All web traffic served through HTTPS or mixed content (HTTP and HTTPS) is affected.
- MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
CVE-2012-1858 (BID 53842) HTML Sanitization Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)
An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
CVE-2012-1859 (BID 54312) XSS scriptresx.ashx Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)
A cross-site scripting and elevation of privilege vulnerability exists in SharePoint that allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user on the site.
CVE-2012-1860 (BID 54314) SharePoint Search Scope Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.7/10)
An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with user search scopes.
CVE-2012-1861 (BID 54313) SharePoint Script in Username Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.5/10)
A cross-site scripting vulnerability exists in SharePoint that allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user.
CVE-2012-1862 (BID 54315) SharePoint URL Redirection Vulnerability (MS Rating: Moderate; Symantec Urgency Rating: 7.5/10)
A URL redirection vulnerability exists in SharePoint which could allow an attacker to redirect a user to an external URL; this may lead to spoofing and information disclosure.
CVE-2012-1863 (BID 54316) SharePoint Reflected List Parameter Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)
A cross-site scripting vulnerability exists in SharePoint that allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user.
- MS12-051 Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
CVE-2012-1894 (BID 54361) Office for Mac Improper Folder Permissions Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.6/10)
An elevation of privilege vulnerability exists in the way that folder permissions are set in certain Microsoft Office for Mac installations. An attacker could place a malicious executable in the Microsoft Office 2011 folder. If a user logs on and runs the malicious executable, attacker-provided code will execute in the security context of the current user.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.