securitybulletin

Please see details below of the security bulletin being released today and make sure you apply these updates where it makes sense in your environment.

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletin(s) being released on February 14, 2012. Security bulletins are released monthly to resolve critical problem vulnerabilities.

New Security Bulletins

Microsoft is releasing the following 9 new security bulletins for newly discovered vulnerabilities:

Bulletin ID

Bulletin Title

Max Severity Rating

Vulnerability Impact

Restart Requirement

Affected Software

MS12-008

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)

Critical

Remote Code Execution

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS12-009

Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)

Important

Elevation of Privilege

Requires restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS12-010

Cumulative Security Update for Internet Explorer (2647516)

Critical

Remote Code Execution

Requires restart

Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS12-011

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

Important

Elevation of Privilege

May require restart

Microsoft SharePoint Server 2010 and Microsoft SharePoint Foundation 2010.

MS12-012

Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)

Important

Remote Code Execution

May require restart

Windows Server 2008 and Windows Server 2008 R2.

 

MS12-013

Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)

Critical

Remote Code Execution

Requires restart

Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS12-014

Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)

Important

Remote Code Execution

May require restart

Microsoft Windows XP

MS12-015

Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)

Important

Remote Code Execution

May require restart

Microsoft Visio Viewer 2010

MS12-016

Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)

Critical

Remote Code Execution

May require restart

Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and Silverlight 4.

Summaries for new bulletin(s) may be found at http://technet.microsoft.com/security/bulletin/MS12-feb.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/.

Bulletin Identifier

Microsoft Security Bulletin MS12-008

Bulletin Title

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)

Executive Summary

This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. The security update addresses the vulnerabilities by modifying the way that the Windows kernel-mode driver handles user mode calls to GDI and handles keyboard layout errors.

Severity Ratings and Affected Software

This security update is rated Critical for all supported releases of Microsoft Windows.

Attack Vectors

·         A maliciously crafted webpage.

·         A maliciously crafted email.

·         A maliciously crafted application.

 

Mitigating Factors

·         Users would have to be persuaded to visit a malicious website.

·         An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

 

Restart Requirement

This update requires a restart.

Bulletins Replaced by This Update

MS11-087

Full Details

http://technet.microsoft.com/security/bulletin/MS12-008

Bulletin Identifier

Microsoft Security Bulletin MS12-009

Bulletin Title

Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)

Executive Summary

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. The security update addresses the vulnerabilities by correcting the way that the AFD validates input before passing the input from user-mode to the Windows kernel.

Severity Ratings and Affected Software

This security update is rated Important for all supported editions of Windows XP (except x86-based), Windows Server 2003, Windows Vista (except x86-based), Windows Server 2008 (except x86-based), Windows 7 (except x86-based), and Windows Server 2008 R2.

Attack Vectors

·         A maliciously crafted application.

Mitigating Factors

·         An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.

Restart Requirement

This update requires a restart.

Bulletins Replaced by This Update

MS11-080 and MS11-046

Full Details

http://technet.microsoft.com/security/bulletin/MS12-009

Bulletin Identifier

Microsoft Security Bulletin MS12-010

Bulletin Title

Cumulative Security Update for Internet Explorer (2647516)

Executive Summary

This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles content during copy and paste processes, handles objects in memory, and creates and initializes strings.

Severity Ratings and Affected Software

·         This security update is rated Critical for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients.

·         This security update is rated Moderate for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers.

·         This security update is also rated Moderate for Internet Explorer 6 on all supported editions of Windows XP.

Attack Vectors

·         A maliciously crafted webpage.

Mitigating Factors

·         An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·         Users would have to be persuaded to visit a malicious website.

·         By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.

·         By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.

Restart Requirement

This update requires a restart.

Bulletins Replaced by This Update

MS11-099

Full Details

http://technet.microsoft.com/security/bulletin/MS12-010

Bulletin Identifier

Microsoft Security Bulletin MS12-011

Bulletin Title

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

Executive Summary

This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL. The security update addresses the vulnerabilities by correcting the way that Microsoft SharePoint validates and sanitizes user input.

Severity Ratings and Affected Software

This security update is rated Important for Microsoft Office SharePoint Server 2010 and Microsoft SharePoint Foundation 2010.

Attack Vectors

·         A cross-site scripting attack.

·         A specially crafted URL.

Mitigating Factors

·         IE 8 and IE 9 users are at a reduced risk because, by default, the XSS Filter prevents this attack in the Internet Zone.

·         An attacker could cause arbitrary JavaScript to be run when the user clicks a specially crafted URL, but would not be able to steal the logged-on user's authentication credentials.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

None

Full Details

http://technet.microsoft.com/security/bulletin/MS12-011

Bulletin Identifier

Microsoft Security Bulletin MS12-012

Bulletin Title

Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)

Executive Summary

This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. The security update addresses the vulnerability by correcting the manner in which the Color Control Panel loads external libraries.

Severity Ratings and Affected Software

This security update is rated Important for all supported editions of Windows Server 2008 and Windows Server 2008 R2.

Attack Vectors

·         Maliciously crafted WebDAV responses.

·         Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

·         An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·         SMB is commonly disabled on the perimeter firewall.

·         For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as a .icm or .icc file).

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

None

Full Details

http://technet.microsoft.com/security/bulletin/MS12-012

Bulletin Identifier

Microsoft Security Bulletin MS12-013

Bulletin Title

Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. The security update addresses the vulnerability by modifying the way that the msvcrt dynamic link library (DLL) calculates the size of data structures in memory.

Severity Ratings and Affected Software

This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Attack Vectors

·         A maliciously crafted media file.

·         Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive

Mitigating Factors

·         An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·         Exploitation only gains the same user rights as the logged-on account.

·         Users would have to be persuaded to visit a malicious website or to open an email attachment.

Restart Requirement

This update requires a restart.

Bulletins Replaced by This Update

None

Full Details

http://technet.microsoft.com/security/bulletin/MS12-013

Bulletin Identifier

Microsoft Security Bulletin MS12-014

Bulletin Title

Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)

Executive Summary

This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. The security update addresses the vulnerability by correcting the manner in which the Indeo Codec loads external libraries.

Severity Ratings and Affected Software

This security update is rated Important for Windows XP Service Pack 3.

Attack Vectors

·         A maliciously crafted file share or WebDAV location.

·         A maliciously crafted .AVI file.

Mitigating Factors

·         If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·         SMB is commonly disabled on the perimeter firewall.

·         A user must be persuaded to visit an untrusted remote file system location or WebDAV share and open a media file (such as an .avi file).

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

None

Full Details

http://technet.microsoft.com/security/bulletin/MS12-014

Bulletin Identifier

Microsoft Security Bulletin MS12-015

Bulletin Title

Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)

Executive Summary

This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. The security update addresses the vulnerabilities by correcting the way that Microsoft Visio Viewer validates data when parsing specially crafted Visio files.

Severity Ratings and Affected Software

This security update is rated Important for all supported editions of Microsoft Visio Viewer 2010.

Attack Vectors

·         A maliciously crafted Visio file.

·         Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

·         An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·         Users would have to be persuaded to visit a malicious website.

·         By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.

·         By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

The Microsoft Office update MS11-089 when applied to systems running Microsoft Visio Viewer 2010.

Full Details

http://technet.microsoft.com/security/bulletin/MS12-015

Bulletin Identifier

Microsoft Security Bulletin MS12-015

Bulletin Title

Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)

Executive Summary

This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. The security update addresses the vulnerabilities by correcting the way that Microsoft Visio Viewer validates data when parsing specially crafted Visio files.

Severity Ratings and Affected Software

This security update is rated Important for all supported editions of Microsoft Visio Viewer 2010.

Attack Vectors

·         A maliciously crafted Visio file.

·         Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

·         An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·         Users would have to be persuaded to visit a malicious website.

·         By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.

·         By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

The Microsoft Office update MS11-089 when applied to systems running Microsoft Visio Viewer 2010.

Full Details

http://technet.microsoft.com/security/bulletin/MS12-015

Jeffa

Digg This