June 2012 - Microsoft Releases 7 Security Advisories
Gravedad: High
Fecha recomendada: 12 de junio de 2012
Descripción
Microsoft addresses the following vulnerabilities in its June batch of patches:
- (MS12-036) Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
Risk Rating: Critical
A vulnerability in the Remote Desktop Protocol (RDP) exists in the way that it accesses an object in memory that changed or is deleted. More information is found here. - (MS12-037) Cumulative Security Update for Internet Explorer (2699988)
Risk Rating: Critical
This update resolves several vulnerabilities in Internet Explorer versions 6 to 9. Successfully exploiting any of the vulnerabilities allows an attacker to execute code of choice on the affected system. Read more here. - (MS12-038) Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Risk Rating: Critical
When exploited, a vulnerability in several versions of Microsoft .NET Framework could allow an attacker to execute code remotely. Logged on users with administrative rights are highly impacted by this vulnerability. Read more here. - (MS12-039) Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
Risk Rating: Important
This update corrects vulnerabilities existing in the handling of TrueType fonts, loading of external library files, and sanitizing HTML content by a specific function in Lync. More information can be found here. - (MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
Risk Rating: Important
A cross-site scripting vulnerability in Microsoft Dynamics AX Enterprise Portal. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit to the said vulnerability. Read more here. - (MS12-041) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
Risk Rating: Important
This update resolves five vulnerabilities in Windows, all of which allows elevation of privilege when successfully exploited. Read more here. - (MS12-042) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
Risk Rating: Important
This update corrects handling of system requests done by Windows User Mode Scheduler and managing BIOS ROM. Read more here.
Revelación de la información
Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.
| Microsoft Bulletin ID | Vulnerability ID | Rule Number & Title | Deep Security Pattern Version | Deep Security Pattern Release Date |
|---|---|---|---|---|
| MS12-037 | CVE-2012-1523 | 1005058 - Center Element Remote Code Execution Vulnerability (CVE-2012-1523) | 12-015 | Jun 12, 2012 |
| CVE-2012-1858 | 1005059 - Internet Explorer HTML Sanitization Vulnerability (CVE-2012-1858) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1873 | 1005053 - Null Byte Information disclosure Vulnerability (CVE-2012-1873) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1874 | 1005055 - Developer Toolbar Remote Code Execution Vulnerability (CVE-2012-1874) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1875 | 1005051 - Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1876 | 1005056 - Internet Explorer Col Element Remote Code Execution Vulnerability (CVE-2012-1876) | 12-015 | Jun 12, 2012 | |
| CVE-2012-0184 | 1005005 - Microsoft Excel SXLI Record Memory Corruption Vulnerability (CVE-2012-0184) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1877 | 1005052 - Internet Explorer Title Element Change Remote Code Execution Vulnerability (CVE-2012-1877) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1878 | 1005048 - Internet Explorer 'OnBeforeDeactivate' Event Remote Code Execution Vulnerability (CVE-2012-1878) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1879 | 1005054 - Internet Explorer 'insertAdjacentText' Remote Code Execution Vulnerability (CVE-2012-1879) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1880 | 1005060 - Internet Explorer InsertRow Remote Code Execution Vulnerability (CVE-2012-1880) | 12-015 | Jun 12, 2012 | |
| CVE-2012-1881 | 1005062 - Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability (CVE-2012-1881) | 12-015 | Jun 12, 2012 | |
| MS12-038 | CVE-2012-1855 | 1005057 - Microsoft .NET Framework Memory Access Vulnerability (CVE-2012-1855) | 12-015 | Jun 12, 2012 |
| MS12-040 | CVE-2012-1857 | 1000552 - Generic Cross Site Scripting (XSS) Prevention | Jul 18, 2006 | |
| MS12-039 | CVE-2012-1849 | 1005049 - Microsoft Lync Insecure Library Loading Vulnerability Over WebDAV (CVE-2012-1849) | 12-015 | Jun 12, 2012 |
| 1005050 - Microsoft Lync Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1849) | 12-015 | Jun 12, 2012 |
This release also includes a rule that blocks unauthorized use of Microsoft Certificates. Apply the rule 1005040 - Detected Unauthorized Digital Certificate to protect from components of the malware WORM_FLAMER.A and TROJ_FLAMER.CFG, which actively uses unauthorized MS certificates.
The rule 1000552 - Generic Cross Site Scripting (XSS) Prevention is not applicable to the Intrusion Defense Firewall (IDF) plugin.