4/12/2012

Microsoft Security Bulletin Summary for April 2012

1. Introduction

Microsoft (MS) released its regular security updates for April 2012.
Users of MS operating systems are strongly recommended to apply the updates to stay safe from the following: Vulnerability in Internet Explorer, Vulnerability in Windows Could Allow Remote Code Execution, Vulnerability in .NET Framework Could Allow Remote Code Execution, Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure, Vulnerability in Windows Common Controls Could Allow Remote Code Execution, and Vulnerability in Microsoft Office Could Allow Remote Code Execution.



2. Update details
 
[Important]
[MS12-023] Cumulative Security Update for Internet Explorer (2675157)
 
Vulnerability: Print Feature Remote Code Execution Vulnerability- CVE-2012-0168
JScript9 Remote Code Execution Vulnerability- CVE-2012-0169
OnReadyStateChange Remote Code Execution Vulnerability- CVE-2012-0170
SelectAll Remote Code Execution Vulnerability- CVE-2012-0171
VML Style Remote Code Execution Vulnerability- CVE-2012-0172

This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software

- Internet Explorer 6 with Windows XP Service Pack 3
- Internet Explorer 6 with Windows XP Professional x64 Edition SP2
- Internet Explorer 6 with Windows Server 2003 SP2
- Internet Explorer 6 with Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 with Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows XP SP3
- Internet Explorer 7 with Windows XP Professional x64 Edition SP2
- Internet Explorer 7 with Windows Server 2003 SP2
- Internet Explorer 7 with Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 with Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows Vista SP2
- Internet Explorer 7 with Windows Vista x64 Edition SP2
- Internet Explorer 7 with Windows Server 2008 for 32-bit Systems SP2
- Internet Explorer 7 with Windows Server 2008 for x64-based Systems SP2
- Internet Explorer 7 with Windows Server 2008 for Itanium-based Systems SP2
- Internet Explorer 8 with Windows XP SP3
- Internet Explorer 8 with Windows XP Professional x64 Edition SP2
- Internet Explorer 8 with Windows Server 2003 SP2
- Internet Explorer 8 with Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 with Windows 7 for 32-bit and Windows 7 for 32-bit SP1
- Internet Explorer 8 with Windows 7 for x64-based and Windows 7 for x64-based SP1
- Internet Explorer 8 with Windows Vista SP2
- Internet Explorer 8 with Windows Vista x64 Edition SP2
- Internet Explorer 8 with Windows Server 2008 for 32-bit Systems SP2
- Internet Explorer 8 with Windows Server 2008 for 64-bit Systems SP2
- Internet Explorer 8 with Windows 2008 R2 for x64-based Systems SP1
- Internet Explorer 8 with Windows 2008 R2 for Itanium-based Systems SP1
- Internet Explorer 9 with Windows Vista SP2
- Internet Explorer 9 with Windows Vista x64 Edition SP2
- Internet Explorer 9 with Windows Server 2008 for 32-bit SP2
- Internet Explorer 9 with Windows Server 2008 for 64-bit Itanium-based Systems SP2
- Internet Explorer 9 with Windows 7 for 32-bit and Windows 7 for 32-bit SP1
- Internet Explorer 9 with Windows 7 for x64-based and Windows 7 for x64-based SP1
- Internet Explorer 9 with Windows Server 2008 R2 for 64-bit and Windows Server 2008 R2 for 64-bit SP1

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-023



[Critical]
[MS12-024] Vulnerability in Windows Could Allow Remote Code Execution (2653956)
 
Vulnerability: WinVerifyTrust Signature Validation Vulnerability- CVE-2012-0151

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

Affected Software

- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 SP2 Itanium-based
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32bit and Windows 2008 for 32bit SP2
- Windows Server 2008 for x64-based and Windows Server 2008 for x64-based SP2
- Windows Server 2008 for Itanium-based and Windows Server 2008 for Itanium SP2
- Windows 7 for 32-bit and Windows 7 for 32bit SP1
- Windows 7 for x64-based and Windows 7 for x64-based SP1
- Windows Server 2008 R2 for x64-based and Windows Server R2 for x64-based SP1
- Windows Server 2008 R2 for Itanium-based and Windows Server 2008 R2 for Itanium SP1

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-024



[Critical]
[MS12-025] Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)

Vulnerability: WinVerifyTrust Signature Validation Vulnerability- CVE-2012-0151

This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Affected Software

- Windows XP SP3 for Microsoft .NET Framework 1.0 SP3
- Windows XP SP3 for Microsoft .NET Framework 1.1 SP1
- Windows XP SP3 for Microsoft .NET Framework 2.0 SP2
- Windows XP SP3 for Microsoft .NET Framework 4
- Windows XP Professional x64 Edition SP2 for Microsoft .NET Framework 1.0 SP3
- Windows XP Professional x64 Edition SP2 for Microsoft .NET Framework 2.0 SP2
- Windows XP Professional x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2003 SP2 for Microsoft .NET Framework 1.1 SP1
- Windows Server 2003 SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2003 SP2 for Microsoft .NET Framework 4
- Windows Server 2003 x64 Edition SP2 for Microsoft .NET Framework 1.1 SP1
- Windows Server 2003 x64 Edition SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2003 x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2003 SP2 Itanium-based for Microsoft .NET Framework 1.1 SP1
- Windows Server 2003 SP2 Itanium-based for Microsoft .NET Framework 2.0 SP2
- Windows Server 2003 SP2 Itanium-based for Microsoft .NET Framework 4
- Windows Vista SP2 for Microsoft .NET Framework 1.1 SP2
- Windows Vista SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Vista SP2 for Microsoft .NET Framework 4
- Windows Vista x64 Edition SP2 for Microsoft .NET Framework 1.1 SP2
- Windows Vista x64 Edition SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Vista x64 Edition SP2 for Microsoft .NET Framework 4
- Windows 2008 for 32bit SP2 for Microsoft .NET Framework 1.1 SP1
- Windows 2008 for 32bit SP2 for Microsoft .NET Framework 2.0 SP2
- Windows 2008 for 32bit SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for x64-based SP2 for Microsoft .NET Framework 1.1 SP1
- Windows Server 2008 for x64-based SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for x64-based SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for Itanium SP2 for Microsoft .NET Framework 1.1 SP1
- Windows Server 2008 for Itanium SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for Itanium SP2 for Microsoft .NET Framework 4
- Windows 7 for 32-bit for Microsoft .NET Framework 3.5.1
- Windows 7 for 32-bit for Microsoft .NET Framework 4
- Windows 7 for 32bit SP1 for Microsoft .NET Framework 3.5.1
- Windows 7 for 32bit SP1 for Microsoft .NET Framework 4
- Windows 7 for x64-based for Microsoft .NET Framework 3.5.1
- Windows 7 for x64-based SP1 for Microsoft .NET Framework 4
- Windows Server 2008 R2 for x64-based for Microsoft .NET Framework 3.5.1*
- Windows Server 2008 R2 for x64-based for Microsoft .NET Framework 4
- Windows Server 2008 R2 for x64-based SP1 for Microsoft .NET Framework 3.5.1*
- Windows Server 2008 R2 for x64-based SP1 for Microsoft .NET Framework 4
- Windows Server 2008 R2 for Itanium-based for Microsoft .NET Framework 3.5.1
- Windows Server 2008 R2 for Itanium-based for Microsoft .NET Framework 4
- Windows Server 2008 R2 for Itanium SP1 for Microsoft .NET Framework 3.5.1
- Windows Server 2008 R2 for Itanium SP1 for Microsoft .NET Framework 4

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-025



[Important]
[MS12-026] Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

Vulnerability: UAG Blind HTTP Redirect Vulnerability- CVE-2012-0146
Unfiltered Access to UAG Default Website Vulnerability- CVE-2012-0147

This security update resolves two privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The more severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted query to the UAG server.

Affected Software

- Microsoft Forefront Unified Access Gateway 2010 SP1
- Microsoft Forefront Unified Access Gateway 2010 SP1 Update 1

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-026



[Critical]
[MS12-027] Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

Vulnerability: MSCOMCTL.OCX RCE Vulnerability- CVE-2012-0158

This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

Affected Software

- Microsoft Office 2003 SP3
- Microsoft Office 2003 Web Components SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2007 SP3
- Microsoft Office 2010 (32-bit editions)
- Microsoft Office 2010 Service Pack 1 (32-bit editions)
- Microsoft SQL Server 2000 Analysis Services SP4
- Microsoft SQL Server 2000 SP4
- Microsoft SQL Server 2005 Express Edition with Advanced Services SP4
- Microsoft SQL Server 2005 for 32-bit Systems SP4
- Microsoft SQL Server 2005 for Itanium-based Systems SP4
- Microsoft SQL Server 2005 for x64-based Systems SP4
- Microsoft SQL Server 2008 for 32-bit Systems SP2
- Microsoft SQL Server 2008 for 32-bit Systems SP3
- Microsoft SQL Server 2008 for x64-based Systems SP2
- Microsoft SQL Server 2008 for x64-based Systems SP3
- Microsoft SQL Server 2008 for Itanium-based Systems SP2
- Microsoft SQL Server 2008 for Itanium-based Systems SP3
- Microsoft SQL Server 2008 R2 for 32-bit Systems
- Microsoft SQL Server 2008 R2 for x64-based Systems
- Microsoft SQL Server 2008 R2 for Itanium-based Systems
- Microsoft BizTalk Server 2002 SP1
- Microsoft Commerce Server 2002 SP4
- Microsoft Commerce Server 2007 SP2
- Microsoft Commerce Server 2009
- Microsoft Commerce Server 2009 R2
- Microsoft Visual FoxPro 8.0 SP1
- Microsoft Visual FoxPro 9.0 SP2
- Visual Basic 6.0 Runtime

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-027



[Important]
[MS12-028] Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)

Vulnerability: Office WPS Converter Heap Overflow Vulnerability- CVE-2012-0177

This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software

- Microsoft Office 2007 SP2
- Microsoft Works 9
- Microsoft Works 6–9 File Converter

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-028
