
This month the magic number is 6!  Please see below details of this month’s security bulletin release.

What is the purpose of this alert?

This alert provides an overview of the new security bulletin(s) being released on April 10, 2012. Security bulletins are released monthly to resolve critical vulnerabilities.

New Security Bulletins

Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|---|
| MS12-023 | Cumulative Security Update for Internet Explorer (2675157) | Critical | Remote Code Execution | Requires restart | Microsoft Internet Explorer on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS12-024 | Vulnerability in Windows Could Allow Remote Code Execution (2653956) | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS12-025 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) | Critical | Remote Code Execution | May require restart | .NET Framework on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS12-026 | Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) | Important | Information Disclosure | May require restart | Microsoft Forefront Unified Access Gateway 2010 |
| MS12-027 | Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) | Critical | Remote Code Execution | May require restart | Microsoft Office 2003, Office 2003 Web Components, Office 2007, Office 2010 (32-bit), SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, BizTalk Server, Commerce Server, Visual FoxPro 8.0, Visual FoxPro 9.0, and Visual Basic 6.0 Runtime. |
| MS12-028 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) | Important | Remote Code Execution | May require restart | Microsoft Office 2007, Works 9, and Works 6-9 File Converter. |

Summaries for new bulletin(s) may be found at http://technet.microsoft.com/security/bulletin/MS12-apr.
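As an added example (not part of the bulletin or of Microsoft's tooling), a PowerShell first-pass check of a host against the KB numbers and restart requirements in the table above; it assumes PowerShell 3 or later on the host being checked, and the comments spell out what the check cannot see.

```powershell
# Added example, not part of the bulletin: a first-pass check of a Windows host
# against the six April 2012 bulletins in the table above. Bulletin IDs, KB numbers,
# severities and restart flags come from the table; everything else is assumed.
#
# Caveats a patch reviewer should know:
#  - Get-HotFix reads Win32_QuickFixEngineering, which lists Windows component
#    updates only. Office, SQL Server and Works packages (MS12-027, MS12-028) never
#    appear here, and the .NET update (MS12-025) ships as per-version packages under
#    their own KB numbers. Treat "Not found" as "verify in WSUS/MBSA", not as proof.
#  - An installed update is not effective until the restart it requires has happened,
#    so the pending-reboot state is reported alongside.

$bulletins = @(
    [pscustomobject]@{ Id = 'MS12-023'; KB = 'KB2675157'; Severity = 'Critical';  Restart = 'Requires restart' }
    [pscustomobject]@{ Id = 'MS12-024'; KB = 'KB2653956'; Severity = 'Critical';  Restart = 'Requires restart' }
    [pscustomobject]@{ Id = 'MS12-025'; KB = 'KB2671605'; Severity = 'Critical';  Restart = 'May require restart' }
    [pscustomobject]@{ Id = 'MS12-026'; KB = 'KB2663860'; Severity = 'Important'; Restart = 'May require restart' }
    [pscustomobject]@{ Id = 'MS12-027'; KB = 'KB2664258'; Severity = 'Critical';  Restart = 'May require restart' }
    [pscustomobject]@{ Id = 'MS12-028'; KB = 'KB2639185'; Severity = 'Important'; Restart = 'May require restart' }
)

# One WMI query for the whole host rather than one Get-HotFix -Id call per bulletin.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

$report = foreach ($b in $bulletins) {
    [pscustomobject]@{
        Bulletin = $b.Id
        KB       = $b.KB
        Severity = $b.Severity
        Restart  = $b.Restart
        Status   = $(if ($installed -contains $b.KB) { 'Installed' } else { 'Not found' })
    }
}

$report | Format-Table -AutoSize

# Either key is present while the servicing stack or Windows Update has a restart outstanding.
$rebootPending = (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') -or
                 (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired')

# Critical items that are missing, or installed but still awaiting their restart, are the
# ones that decide whether this host needs a maintenance window now.
$report | Where-Object { $_.Severity -eq 'Critical' -and ($_.Status -eq 'Not found' -or $rebootPending) } |
    ForEach-Object {
        Write-Warning ("{0} ({1}): {2}; {3}; reboot pending = {4}" -f $_.Bulletin, $_.KB, $_.Status, $_.Restart, $rebootPending)
    }
```

Run it in an elevated session on the host you are auditing; the warnings are the items to chase in WSUS, the table is the full picture.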

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

High Priority Non-Security Updates

High priority non-security updates that Microsoft releases on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) are detailed in the KB article found at http://support.microsoft.com/?id=894199.

Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/.

Bulletin Identifier

Microsoft Security Bulletin MS12-023

Bulletin Title

Cumulative Security Update for Internet Explorer (2675157)

Executive Summary

This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles the printing of specially crafted HTML content and the way that Internet Explorer handles objects in memory.

Severity Ratings and Affected Software

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers.

Attack Vectors

· A specially crafted HTML page.

· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website.

· Users who operate with fewer rights will be less impacted than those with administrative rights.

· By default, Internet Explorer on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.

· By default, all supported versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.

· Internet Explorer 8 and Internet Explorer 9 are not affected by CVE-2012-0170.

Restart Requirement

This update requires a restart.

Bulletins Replaced by This Update

MS12-010

Full Details

http://technet.microsoft.com/security/bulletin/MS12-023


Bulletin Identifier

Microsoft Security Bulletin MS12-025

Bulletin Title

Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)

Executive Summary

This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).

The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

The security update addresses the vulnerability by correcting the manner in which the Microsoft .NET Framework validates parameters when passing data to a function.

Severity Ratings and Affected Software

This security update is rated Critical for Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.

Attack Vectors

· A maliciously crafted webpage.

· A specially crafted XAML browser application.

· A specially crafted Windows .NET application.

Mitigating Factors

· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website.

· By default, Internet Explorer on Windows 2003, Windows 2008, and Windows 2008 R2 runs in a restricted mode.

· Users who operate with fewer rights will be less impacted than those with administrative rights.

· By default, anonymous users are not allowed to upload and run Microsoft .NET code on IIS.

· Standard .NET Framework applications are not affected by this vulnerability.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

None

Full Details

http://technet.microsoft.com/security/bulletin/MS12-025


Bulletin Identifier

Microsoft Security Bulletin MS12-026

Bulletin Title

Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

Executive Summary

This security update resolves two privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The more severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted query to the UAG server.

The security update addresses the vulnerabilities by modifying UAG code to require further verification before redirecting a user to another website, and by modifying the UAG server's default binding settings to not allow unfiltered access to internal resources.

Severity Ratings and Affected Software

This security update is rated Important for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 and Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1.

Attack Vectors

· Specially crafted website.

· Specially crafted HTTPS query to the UAG server.

Mitigating Factors

· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

None

Full Details

http://technet.microsoft.com/security/bulletin/MS12-026


Bulletin Identifier

Microsoft Security Bulletin MS12-027

Bulletin Title

Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

Executive Summary

This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.

The security update addresses the vulnerability by disabling the vulnerable version of the Windows common controls and replacing it with a new version that does not contain the vulnerability.

Severity Ratings and Affected Software

This security update is rated Critical for all supported Microsoft software that included the Windows common controls in their default installations.

Attack Vectors

· A specially crafted website.

· A specially crafted Office and/or WordPad file.

Mitigating Factors

· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website.

· Cannot be exploited automatically through email, because a user must open a file contained in an email message.

· Users who operate with fewer rights will be less impacted than those with administrative rights.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

MS09-004 on SQL 2000 only.

Full Details

http://technet.microsoft.com/security/bulletin/MS12-027


Bulletin Identifier

Microsoft Security Bulletin MS12-028

Bulletin Title

Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file.

The security update addresses the vulnerability by deprecating the vulnerable Microsoft Works converter. Customers should use the latest version of the Microsoft Works converter, which is not affected by the vulnerability. After the update is installed, customers with the deprecated Microsoft Works converter, who have not already downloaded the latest version of the Microsoft Works converter, will be prompted when attempting to open a Works file with instructions on how to download the latest version of the Microsoft Works converter.

Severity Ratings and Affected Software

This security update is rated Important for Microsoft Office 2007 Service Pack 2, Microsoft Works 9, and the Microsoft Works 6–9 File Converter.

Attack Vectors

· Specially crafted .wps file.

· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

· Cannot be exploited automatically through email, because a user must click a link listed within an email message.

· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website.

· Users who operate with fewer rights will be less impacted than those with administrative rights.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

MS09-024 and MS10-105.

Full Details

http://technet.microsoft.com/security/bulletin/MS12-028

Jeffa
