Microsoft Security Bulletin: February 2012 Release
Please see details below of the security bulletin being released today and make sure you apply these updates where it makes sense in your environment.
What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin(s) being released on February 14, 2012. Security bulletins are released monthly to resolve critical problem vulnerabilities.
New Security Bulletins
Microsoft is releasing the following 9 new security bulletins for newly discovered vulnerabilities:
Bulletin ID
Bulletin Title
Max Severity Rating
Vulnerability Impact
Restart Requirement
Affected Software
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
Critical
Remote Code Execution
Requires restart
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
Important
Elevation of Privilege
Requires restart
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Cumulative Security Update for Internet Explorer (2647516)
Critical
Remote Code Execution
Requires restart
Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
Important
Elevation of Privilege
May require restart
Microsoft SharePoint Server 2010 and Microsoft SharePoint Foundation 2010.
Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
Important
Remote Code Execution
May require restart
Windows Server 2008 and Windows Server 2008 R2.
Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
Critical
Remote Code Execution
Requires restart
Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
Important
Remote Code Execution
May require restart
Microsoft Windows XP
Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
Important
Remote Code Execution
May require restart
Microsoft Visio Viewer 2010
Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
Critical
Remote Code Execution
May require restart
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and Silverlight 4.
Summaries for new bulletin(s) may be found at https://technet.microsoft.com/security/bulletin/MS12-feb.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/?kbid=890830.
High Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at https://support.microsoft.com/?id=894199.
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at https://support.microsoft.com/lifecycle/.
|
|
| |
|
| ||
|
| ||
|
| ||
|
|
| |
|
| ||
|
|
| |
|
|
| |
|
| ||
Bulletin Identifier
Microsoft Security Bulletin MS12-009
Bulletin Title
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
Executive Summary
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. The security update addresses the vulnerabilities by correcting the way that the AFD validates input before passing the input from user-mode to the Windows kernel.
Severity Ratings and Affected Software
This security update is rated Important for all supported editions of Windows XP (except x86-based), Windows Server 2003, Windows Vista (except x86-based), Windows Server 2008 (except x86-based), Windows 7 (except x86-based), and Windows Server 2008 R2.
Attack Vectors
· A maliciously crafted application.
Mitigating Factors
· An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
Restart Requirement
This update requires a restart.
Bulletins Replaced by This Update
MS11-080 and MS11-046
Full Details
https://technet.microsoft.com/security/bulletin/MS12-009
Bulletin Identifier
Microsoft Security Bulletin MS12-010
Bulletin Title
Cumulative Security Update for Internet Explorer (2647516)
Executive Summary
This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles content during copy and paste processes, handles objects in memory, and creates and initializes strings.
Severity Ratings and Affected Software
· This security update is rated Critical for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients.
· This security update is rated Moderate for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers.
· This security update is also rated Moderate for Internet Explorer 6 on all supported editions of Windows XP.
Attack Vectors
· A maliciously crafted webpage.
Mitigating Factors
· An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
· Users would have to be persuaded to visit a malicious website.
· By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.
· By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
Restart Requirement
This update requires a restart.
Bulletins Replaced by This Update
MS11-099
Full Details
https://technet.microsoft.com/security/bulletin/MS12-010
Bulletin Identifier
Microsoft Security Bulletin MS12-011
Bulletin Title
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
Executive Summary
This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL. The security update addresses the vulnerabilities by correcting the way that Microsoft SharePoint validates and sanitizes user input.
Severity Ratings and Affected Software
This security update is rated Important for Microsoft Office SharePoint Server 2010 and Microsoft SharePoint Foundation 2010.
Attack Vectors
· A cross-site scripting attack.
· A specially crafted URL.
Mitigating Factors
· IE 8 and IE 9 users are at a reduced risk because, by default, the XSS Filter prevents this attack in the Internet Zone.
· An attacker could cause arbitrary JavaScript to be run when the user clicks a specially crafted URL, but would not be able to steal the logged-on user's authentication credentials.
Restart Requirement
This update may require a restart.
Bulletins Replaced by This Update
None
Full Details
https://technet.microsoft.com/security/bulletin/MS12-011
Bulletin Identifier
Microsoft Security Bulletin MS12-012
Bulletin Title
Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
Executive Summary
This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. The security update addresses the vulnerability by correcting the manner in which the Color Control Panel loads external libraries.
Severity Ratings and Affected Software
This security update is rated Important for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
Attack Vectors
· Maliciously crafted WebDAV responses.
· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
Mitigating Factors
· An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
· SMB is commonly disabled on the perimeter firewall.
· For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as a .icm or .icc file).
Restart Requirement
This update may require a restart.
Bulletins Replaced by This Update
None
Full Details
https://technet.microsoft.com/security/bulletin/MS12-012
Bulletin Identifier
Microsoft Security Bulletin MS12-013
Bulletin Title
Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
Executive Summary
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. The security update addresses the vulnerability by modifying the way that the msvcrt dynamic link library (DLL) calculates the size of data structures in memory.
Severity Ratings and Affected Software
This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors
· A maliciously crafted media file.
· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive
Mitigating Factors
· An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
· Exploitation only gains the same user rights as the logged-on account.
· Users would have to be persuaded to visit a malicious website or to open an email attachment.
Restart Requirement
This update requires a restart.
Bulletins Replaced by This Update
None
Full Details
https://technet.microsoft.com/security/bulletin/MS12-013
Bulletin Identifier
Microsoft Security Bulletin MS12-014
Bulletin Title
Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
Executive Summary
This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. The security update addresses the vulnerability by correcting the manner in which the Indeo Codec loads external libraries.
Severity Ratings and Affected Software
This security update is rated Important for Windows XP Service Pack 3.
Attack Vectors
· A maliciously crafted file share or WebDAV location.
· A maliciously crafted .AVI file.
Mitigating Factors
· If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
· SMB is commonly disabled on the perimeter firewall.
· A user must be persuaded to visit an untrusted remote file system location or WebDAV share and open a media file (such as an .avi file).
Restart Requirement
This update may require a restart.
Bulletins Replaced by This Update
None
Full Details
https://technet.microsoft.com/security/bulletin/MS12-014
Bulletin Identifier
Microsoft Security Bulletin MS12-015
Bulletin Title
Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
Executive Summary
This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. The security update addresses the vulnerabilities by correcting the way that Microsoft Visio Viewer validates data when parsing specially crafted Visio files.
Severity Ratings and Affected Software
This security update is rated Important for all supported editions of Microsoft Visio Viewer 2010.
Attack Vectors
· A maliciously crafted Visio file.
· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
Mitigating Factors
· An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
· Users would have to be persuaded to visit a malicious website.
· By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.
· By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
Restart Requirement
This update may require a restart.
Bulletins Replaced by This Update
The Microsoft Office update MS11-089 when applied to systems running Microsoft Visio Viewer 2010.
Full Details
https://technet.microsoft.com/security/bulletin/MS12-015
Bulletin Identifier
Microsoft Security Bulletin MS12-015
Bulletin Title
Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
Executive Summary
This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. The security update addresses the vulnerabilities by correcting the way that Microsoft Visio Viewer validates data when parsing specially crafted Visio files.
Severity Ratings and Affected Software
This security update is rated Important for all supported editions of Microsoft Visio Viewer 2010.
Attack Vectors
· A maliciously crafted Visio file.
· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
Mitigating Factors
· An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
· Users would have to be persuaded to visit a malicious website.
· By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.
· By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
Restart Requirement
This update may require a restart.
Bulletins Replaced by This Update
The Microsoft Office update MS11-089 when applied to systems running Microsoft Visio Viewer 2010.
Full Details
https://technet.microsoft.com/security/bulletin/MS12-015
Jeffa
Technorati Tags: Security Bulletins,Patching,Updates