Microsoft Security Bulletin: April 2012 Release
This month the magic number is 6! Please see below details of this month’s security bulletin release.
What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin(s) being released on April 10, 2012. Security bulletins are released monthly to resolve critical problem vulnerabilities.
New Security Bulletins
Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:
Bulletin ID |
Bulletin Title |
Max Severity Rating |
Vulnerability Impact |
Restart Requirement |
Affected Software |
|---|---|---|---|---|---|
Cumulative Security Update for Internet Explorer (2675157) |
Critical |
Remote Code Execution |
Requires restart |
Microsoft Internet Explorer on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
|
Vulnerability in Windows Could Allow Remote Code Execution (2653956) |
Critical |
Remote Code Execution |
Requires restart |
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
|
Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) |
Critical |
Remote Code Execution |
May require restart |
.NET Framework on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
|
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) |
Important |
Information Disclosure |
May require restart |
Microsoft Forefront United Access Gateway 2010 |
|
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) |
Critical |
Remote Code Execution |
May require restart |
Microsoft Office 2003, Office 2003 Web Components, Office 2007, Office 2010 (32-bit), SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, BizTalk Server, Commerce Server, Visual FoxPro 8.0, Visual FoxPro 9.0, and Visual Basic 6.0 Runtime. |
|
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) |
Important |
Remote Code Execution |
May require restart |
Microsoft Office 2007, Works 9, and Works 6-9 File Converter. |
Summaries for new bulletin(s) may be found at https://technet.microsoft.com/security/bulletin/MS12-apr.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/?kbid=890830.
High Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at https://support.microsoft.com/?id=894199.
Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at https://support.microsoft.com/lifecycle/.
Bulletin Identifier |
Microsoft Security Bulletin MS12-023 |
|---|---|
Bulletin Title |
Cumulative Security Update for Internet Explorer (2675157) |
Executive Summary |
This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles the printing of specially crafted HTML content and the way that Internet Explorer handles objects in memory. |
Severity Ratings and Affected Software |
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. |
Attack Vectors |
· A specially crafted HTML page. · Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive. |
Mitigating Factors |
· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website. · Users who operate with fewer rights will be less impacted than those with administrative rights. · By default, Internet Explorer on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode. · By default, all supported versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone. · Internet Explorer 8 and Internet Explorer 9 are not affected by CVE-2012-0170. |
Restart Requirement |
This update requires a restart. |
Bulletins Replaced by This Update |
MS12-010 |
Full Details |
Bulletin Identifier |
Microsoft Security Bulletin MS12-023 |
|---|---|
Bulletin Title |
Cumulative Security Update for Internet Explorer (2675157) |
Executive Summary |
This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles the printing of specially crafted HTML content and the way that Internet Explorer handles objects in memory. |
Severity Ratings and Affected Software |
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. |
Attack Vectors |
· A specially crafted HTML page. · Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive. |
Mitigating Factors |
· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website. · Users who operate with fewer rights will be less impacted than those with administrative rights. · By default, Internet Explorer on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode. · By default, all supported versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone. · Internet Explorer 8 and Internet Explorer 9 are not affected by CVE-2012-0170. |
Restart Requirement |
This update requires a restart. |
Bulletins Replaced by This Update |
MS12-010 |
Full Details |
Bulletin Identifier |
Microsoft Security Bulletin MS12-025 |
|---|---|
Bulletin Title |
Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) |
Executive Summary |
This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).
The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
The security update addresses the vulnerability by correcting the manner in which the Microsoft .NET Framework validates parameters when passing data to a function. |
Severity Ratings and Affected Software |
This security update is rated Critical for Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows. |
Attack Vectors |
· A maliciously crafted webpage. · A specially crafted XAML browser application. · A specially crafted Windows .NET application. |
Mitigating Factors |
· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website. · By default, Internet Explorer on Windows 2003, Windows 2008, and Windows 2008 R2 runs in a restricted mode. · Users who operate with fewer rights will be less impacted than those with administrative rights. · By default, anonymous users are not allowed to upload and run Microsoft .NET code on IIS. · Standard .NET Framework applications are not affected by this vulnerability. |
Restart Requirement |
This update may require a restart. |
Bulletins Replaced by This Update |
None |
Full Details |
Bulletin Identifier |
Microsoft Security Bulletin MS12-026 |
|---|---|
Bulletin Title |
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) |
Executive Summary |
This security update resolves two privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The more severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted query to the UAG server.
The security update addresses the vulnerabilities by modifying UAG code to require further verification before redirecting a user to another website, and by modifying the UAG server's default binding settings to not allow unfiltered access to internal resources. |
Severity Ratings and Affected Software |
This security update is rated Important for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 and Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1. |
Attack Vectors |
· Specially crafted website. · Specially crafted HTTPS query to the UAG server. |
Mitigating Factors |
· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website. |
Restart Requirement |
This update may require a restart. |
Bulletins Replaced by This Update |
None |
Full Details |
Bulletin Identifier |
Microsoft Security Bulletin MS12-027 |
|---|---|
Bulletin Title |
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) |
Executive Summary |
This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.
The security update addresses the vulnerability by disabling the vulnerable version of the Windows common controls and replacing it with a new version that does not contain the vulnerability. |
Severity Ratings and Affected Software |
This security update is rated Critical for all supported Microsoft software that included the Windows common controls in their default installations. |
Attack Vectors |
· A specially crafted website. · A specially crafted Office and/or WordPad file. |
Mitigating Factors |
· Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website. · Cannot be exploited automatically through email, because a user must open a file contained in an email message. · Users who operate with fewer rights will be less impacted than those with administrative rights. |
Restart Requirement |
This update may require a restart. |
Bulletins Replaced by This Update |
MS09-004 on SQL 2000 only. |
Full Details |
Bulletin Identifier |
Microsoft Security Bulletin MS12-028 |
|---|---|
Bulletin Title |
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) |
Executive Summary |
This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file.
The security update addresses the vulnerability by deprecating the vulnerable Microsoft Works converter. Customers should use the latest version of the Microsoft Works converter, which is not affected by the vulnerability. After the update is installed, customers with the deprecated Microsoft Works converter, who have not already downloaded the latest version of the Microsoft Works converter, will be prompted when attempting to open a Works file with instructions on how to download the latest version of the Microsoft Works converter. |
Severity Ratings and Affected Software |
This security update is rated Important for Microsoft Office 2007 Service Pack 2, Microsoft Works 9, and the Microsoft Works 6–9 File Converter. |
Attack Vectors |
· Specially crafted .wps file. · Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive. |
Mitigating Factors |
· Cannot be exploited automatically through email, because a user must click a link listed within an email message. · Users would have to be convinced to visit the website, typically by getting them to click a link in an email message or instant message that takes them to the attacker's website. · Users who operate with fewer rights will be less impacted than those with administrative rights. |
Restart Requirement |
This update may require a restart. |
Bulletins Replaced by This Update |
MS09-024 and MS10-105. |
Full Details |
Jeffa
Technorati Tags: Security Bulletins,Updates,Patching