Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 26 vulnerabilities. Twenty-one of this month's issues are rated ’Critical’. The Critical issues affect Windows common controls, Internet Explorer, Remote Desktop Protocol (RDP), Print Spooler service, Remote Administration Protocol (RAP), and Microsoft Exchange Server.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available
- Run all software with the least privileges required while still maintaining functionality
- Avoid handling files from unknown or questionable sources
- Never visit sites of unknown or questionable integrity
- Block external access at the network perimeter to all key systems unless specific access is required
Microsoft's summary of the August releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Aug
The following is a breakdown of the issues being addressed this month:
-
MS12-056 Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution
JavaScript Integer Overflow Remote Code Execution Vulnerability (CVE-2012-2523) MS Rating: Important
A remote code execution vulnerability exists in the way that the JScript and VBScript engines calculate the size of an object in memory during a copy operation. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
-
MS12-060 Vulnerability in Windows Common Controls Could Allow Remote Code Execution
MSCOMCTL.OCX RCE Vulnerability (CVE-2012-1856) MS Rating: Critical
A remote code execution vulnerability exists in the Windows common controls. An attacker could exploit the vulnerability by constructing a specially crafted document or Web page. When a user opens the document or views the Web page, the vulnerability could allow remote code execution.
-
MS12-052 Cumulative Security Update for Internet Explorer
Microsoft Internet Explorer Layout Remote Memory Corruption Vulnerability (CVE-2012-1526) MS Rating: Critical
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Internet Explorer Asynchronous NULL Object Access Remote Code Execution Vulnerability (CVE-2012-2521) MS Rating: Critical
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Internet Explorer Virtual Function Table Corruption Remote Code Execution Vulnerability (CVE-2012-2522) MS Rating: Critical
A remote code execution vulnerability exists in the way that Internet Explorer accesses a corrupted virtual function table that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft VBScript And JScript Scripting Engines Integer Overflow Code Execution Vulnerability (CVE-2012-2523) MS Rating: Important
A remote code execution vulnerability exists in the way that Internet Explorer calculates the size of an object in memory during a copy operation. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
-
MS12-053 Vulnerability in Remote Desktop Could Allow Remote Code Execution
Microsoft Remote Desktop Protocol Vulnerability (CVE-2012-2526) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory after it has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system.
-
MS12-055 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Win32k Use After Free Vulnerability (CVE-2012-2527) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
-
MS12-057 Vulnerability in Microsoft Office Could Allow for Remote Code Execution
CGM File Format Memory Corruption Vulnerability (CVE-2012-2524) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Computer Graphics Metafile (CGM) graphics files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
-
MS12-054 Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution
Microsoft Windows Remote Administration Protocol (RAP) Denial of Service Vulnerability (CVE-2012-1850) MS Rating: Critical
A denial of service vulnerability exists in Windows networking components. The vulnerability is due to the service not properly handling specially crafted RAP requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Print Spooler Service Format String Vulnerability (CVE-2012-1851) MS Rating: Critical
A remote code execution vulnerability exists in the Windows Print Spooler service that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Windows Remote Administration Protocol (RAP) Remote Heap Buffer Overflow Vulnerability (CVE-2012-1852) MS Rating: Critical
A remote code execution vulnerability exists in the way that Windows networking components handle a specially crafted RAP response. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system.
Microsoft Windows Remote Administration Protocol (RAP) Remote Stack Buffer Overflow Vulnerability (CVE-2012-1853) MS Rating: Critical
A remote code execution vulnerability exists in the way that Windows networking components handle specially crafted RAP responses. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system.
-
MS12-059 Vulnerability in Microsoft Visio Could Allow Remote Code Execution
Microsoft Visio Viewer VXF File Format Buffer Overflow Vulnerability (CVE-2012-1888) MS Rating: Important
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system.
-
MS12-058 Vulnerability in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1766) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: CDR.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1767) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: DOC.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1768) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: DPT.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1769) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: JP2.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1770) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: LWP.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1771) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: ODG.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1772) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: PCX.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-1773) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: PDF.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3106) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: SAM.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3107) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: SXD.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3108) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: SXI.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3109) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: VSD.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3010) MS Rating: Critical
Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow remote code execution as Local System if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as LocalService. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Affected file parser: WSD.
More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.