July 2012 - Microsoft Releases 9 Security Advisories
Severity: HIGH
Advisory Date: JUL 10, 2012
DESCRIPTION
Microsoft addresses the following vulnerabilities in its July batch of patches:
- (MS12-043) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
Risk Rating: Critical
This update resolves a vulnerability that exists in version of Microsoft XML Core Services that could allow remote code execution when successfully exploited. More information is found here. - (MS12-044) Cumulative Security Update for Internet Explorer (2719177)
Risk Rating: Critical
This update resolves two vulnerabilities that may allow remote code execution when successfully exploited on affected systems. Read more here. - (MS12-045) Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
Risk Rating: Critical
This update resolves a vulnerability that exists in Microsoft Data Access Components. The vulnerability lies in the way that MDAC attempt to access improperly initialized objects in memory. Read more here. - (MS12-046) Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
Risk Rating: Important
This update resolves the vulnerability that exists in the handling of DLL files in Microsoft Visual Basic for Applications. More information can be found here. - (MS12-047) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
Risk Rating: Important
This update resolves two privilege elevation vulnerabilities that exist in Windows Kernel. Read more here. - (MS12-048) Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
Risk Rating: Important
This update resolves the vulnerability that exists in Windows operating systems' way in handling files and folder names. Read more here. - (MS12-049) Vulnerability in TLS Could Allow Information Disclosure (2655992)
Risk Rating: Important
This update resolves the information disclosure vulnerability that exists in TLS protocol in Windows. Read more here. - (MS12-050) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
Risk Rating: Important
This update resolves several vulnerabilities affecting InfoPath, SharePoint Server, SharePoint Services, SharePoint Foundation, Groove Server, and MS Office Web Apps. Read more here. - (MS12-051) Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
Risk Rating: Important
This update resolves a vulnerability identified in MS Office for Mac that could allow remote code execution when successfully exploited. Read more here.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
| MS12-043 | CVE-2012-1889 | 1005061 | Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889) | 12-Jun-12 | YES |
| MS12-044 | CVE-2012-1522 | 1005077 | Microsoft Internet Explorer Cached Object Remote Code Execution Vulnerability (CVE-2012-1522) | 10 -Jul-12 | YES |
| CVE-2012-1524 | 1005078 | Microsoft Internet Explorer Attribute Remove Remote Code Execution Vulnerability (CVE-2012-1524) | 10-Jul-12 | YES | |
| MS12-045 | CVE-2012-1891 | 1005086 | Microsoft ADO Cachesize Heap Overflow Vulnerability (CVE-2012-1891) | 10-Jul-12 | YES |
| MS12-046 | CVE-2012-1854 | 1005079 | Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over WebDav (CVE-2012-1854) | 10-Jul-12 | YES |
| 1005080 | Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854) | 10-Jul-12 | YES | ||
| MS12-048 | CVE-2012-0175 | 1005081 | Vulnerability in Windows Shell Could Allow Remote Code Execution (CVE-2012-0175) | 10-Jul-12 | YES |
| MS12-050 | CVE-2012-1858 | 1005059 | Internet Explorer HTML Sanitization Vulnerability (CVE-2012-1858) | 12-Jul-12 | YES |
| CVE-2012-1859 | 1000552 | Generic Cross Site Scripting (XSS) Prevention | 18-Jul-06 | NO | |
| CVE-2012-1859 | 1000552 | Generic Cross Site Scripting (XSS) Prevention | 18-Jul-06 | NO | |
| CVE-2012-1859 | 1000552 | Generic Cross Site Scripting (XSS) Prevention | 18-Jul-06 | NO |