June 2012 - Microsoft Releases 7 Security Advisories
Publish date: February 20, 2013
Severity: HIGH
Advisory Date: JUN 12, 2012
DESCRIPTION
Microsoft addresses the following vulnerabilities in its June batch of patches:
- (MS12-036) Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
Risk Rating: Critical
A vulnerability in the Remote Desktop Protocol (RDP) exists in the way that it accesses an object in memory that changed or is deleted. More information is found here. - (MS12-037) Cumulative Security Update for Internet Explorer (2699988)
Risk Rating: Critical
This update resolves several vulnerabilities in Internet Explorer versions 6 to 9. Successfully exploiting any of the vulnerabilities allows an attacker to execute code of choice on the affected system. Read more here. - (MS12-038) Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Risk Rating: Critical
When exploited, a vulnerability in several versions of Microsoft .NET Framework could allow an attacker to execute code remotely. Logged on users with administrative rights are highly impacted by this vulnerability. Read more here. - (MS12-039) Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
Risk Rating: Important
This update corrects vulnerabilities existing in the handling of TrueType fonts, loading of external library files, and sanitizing HTML content by a specific function in Lync. More information can be found here. - (MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
Risk Rating: Important
A cross-site scripting vulnerability in Microsoft Dynamics AX Enterprise Portal. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit to the said vulnerability. Read more here. - (MS12-041) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
Risk Rating: Important
This update resolves five vulnerabilities in Windows, all of which allows elevation of privilege when successfully exploited. Read more here. - (MS12-042) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
Risk Rating: Important
This update corrects handling of system requests done by Windows User Mode Scheduler and managing BIOS ROM. Read more here.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.
Microsoft Bulletin ID | Vulnerability ID | Rule Number & Title | Deep Security Pattern Version | Deep Security Pattern Release Date |
---|---|---|---|---|
MS12-037 | CVE-2012-1523 | 1005058 - Center Element Remote Code Execution Vulnerability (CVE-2012-1523) | 12-015 | Jun 12, 2012 |
CVE-2012-1858 | 1005059 - Internet Explorer HTML Sanitization Vulnerability (CVE-2012-1858) | 12-015 | Jun 12, 2012 | |
CVE-2012-1873 | 1005053 - Null Byte Information disclosure Vulnerability (CVE-2012-1873) | 12-015 | Jun 12, 2012 | |
CVE-2012-1874 | 1005055 - Developer Toolbar Remote Code Execution Vulnerability (CVE-2012-1874) | 12-015 | Jun 12, 2012 | |
CVE-2012-1875 | 1005051 - Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) | 12-015 | Jun 12, 2012 | |
CVE-2012-1876 | 1005056 - Internet Explorer Col Element Remote Code Execution Vulnerability (CVE-2012-1876) | 12-015 | Jun 12, 2012 | |
CVE-2012-0184 | 1005005 - Microsoft Excel SXLI Record Memory Corruption Vulnerability (CVE-2012-0184) | 12-015 | Jun 12, 2012 | |
CVE-2012-1877 | 1005052 - Internet Explorer Title Element Change Remote Code Execution Vulnerability (CVE-2012-1877) | 12-015 | Jun 12, 2012 | |
CVE-2012-1878 | 1005048 - Internet Explorer 'OnBeforeDeactivate' Event Remote Code Execution Vulnerability (CVE-2012-1878) | 12-015 | Jun 12, 2012 | |
CVE-2012-1879 | 1005054 - Internet Explorer 'insertAdjacentText' Remote Code Execution Vulnerability (CVE-2012-1879) | 12-015 | Jun 12, 2012 | |
CVE-2012-1880 | 1005060 - Internet Explorer InsertRow Remote Code Execution Vulnerability (CVE-2012-1880) | 12-015 | Jun 12, 2012 | |
CVE-2012-1881 | 1005062 - Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability (CVE-2012-1881) | 12-015 | Jun 12, 2012 | |
MS12-038 | CVE-2012-1855 | 1005057 - Microsoft .NET Framework Memory Access Vulnerability (CVE-2012-1855) | 12-015 | Jun 12, 2012 |
MS12-040 | CVE-2012-1857 | 1000552 - Generic Cross Site Scripting (XSS) Prevention | Jul 18, 2006 | |
MS12-039 | CVE-2012-1849 | 1005049 - Microsoft Lync Insecure Library Loading Vulnerability Over WebDAV (CVE-2012-1849) | 12-015 | Jun 12, 2012 |
1005050 - Microsoft Lync Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1849) | 12-015 | Jun 12, 2012 |
This release also includes a rule that blocks unauthorized use of Microsoft Certificates. Apply the rule 1005040 - Detected Unauthorized Digital Certificate to protect from components of the malware WORM_FLAMER.A and TROJ_FLAMER.CFG, which actively uses unauthorized MS certificates.
The rule 1000552 - Generic Cross Site Scripting (XSS) Prevention is not applicable to the Intrusion Defense Firewall (IDF) plugin.
SOLUTION
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more