Assessing risk for the July 2012 security updates - Security Research & Defense - Site Home

Today we released nine security bulletins addressing 16 CVE’s. Three of the bulletins have a maximum severity rating of Critical and the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin	Most likely attack vector	Max Bulletin Severity	Max Exploit-ability	Likely first 30 days impact	Platform mitigations and key notes
MS12-043 (MSXML)	Victim browses to a malicious webpage.	Critical	1	We are aware of active attacks leveraging CVE-2012-1889, the single CVE addressed with this bulletin.	All active attacks we have seen leveraged MSXML version 3. MSXML versions 3, 4, and 6 are addressed with this update. MSXML 5 will be addressed in a future security update. Read this SRD blog post for more information about the mitigating factors making the MSXML 5 less severe than other versions of the product.
MS12-045 (MDAC)	Victim browses to a malicious webpage.	Critical	1	Likely to see reliable exploits developed within next 30 days.
MS12-044 (Internet Explorer)	Victim browses to a malicious webpage.	Critical	1	Likely to see reliable exploits developed within next 30 days.	Both vulnerabilities affect only Internet Explorer version 9. Versions 6, 7, and 8 are not affected.
MS12-046 (DLL Preloading in Visual Basic for Applications [VBA])	Victim navigates to a malicious WebDAV or SMB share and double-clicks on an Office document. Malicious DLL in same folder loads within the Office application, running arbitrary attacker code.	Important	1	We are aware of limited, targeted attacks leveraging CVE-2012-1854, the single CVE addressed with this bulletin.	Affects only a subset of locales where IMESHARE.DLL is not present by default, primarily far eastern locales. Does not, for example, affects English locale installations by default.
MS12-048 (Windows Shell)	Victim navigates to a malicious WebDAV or SMB share and double-clicks on a file in a malicious directory.	Important	1	Likely to see reliable exploits developed within next 30 days.
MS12-047 (Windows drivers [win32k.sys])	Attacker running code on a machine already elevates from low-privileged account to SYSTEM.	Important	1	Likely to see an exploit released granting a local attacker SYSTEM level access.
MS12-050 (SharePoint)	Attacker sends victim a link exploiting a Cross-Site Scripting (XSS) vulnerability on a SharePoint server for which they have access rights. When the victim clicks the link, an automatic action is taken on their behalf on the SharePoint server that they otherwise might not have wanted to execute.	Important	1	Likely to see a XSS exploit developed in next 30 days (no exploit here for code execution on the SharePoint server itself).	The IE XSS Filter (on by default on IE8 and IE9) blocks attempts to exploit these vulnerabilities.
MS12-049 (SSL / TLS)	Victim browses to a trusted website via HTTPS. A malicious attacker positioned on the network as a man-in-the-middle under certain circumstances can potentially decrypt the encrypted data.	Important	3	A variant of this issue that does not affect Windows has been discussed publicly. We have seen proof-of-concept code attempting to exploit the similar issue. However, we believe reliable exploitation of this issue on Windows is unlikely due to the nature of the vulnerability.
MS12-051 (Mac Office installer)	Victim who has installed Office for Mac 2011 on a multi-user Mac system may inadvertently launch malicious executable placed by a malicious user of the same system due to ACL changes made by the Mac Office installer.	Important	1	Likely to see reliable exploits developed within next 30 days.	Single user Mac installations, or Mac installations where no malicious users are able to replace files, are not vulnerable.

Today we’re releasing Security Advisory 2719662, which allows system administrators to disable the Windows Sidebar and Gadgets on supported versions of Windows Vista and Windows 7 with one Fix it click. And we are releasing Security Advisory 2728973 announcing the availability of an update that moves additional certificates into the Untrusted Certificate Store. This SRD blog post provides additional information about the digital certificates advisory.

- Jonathan Ness, MSRC Engineering