Microsoft Security Bulletin Coverage (April 10, 2012)


SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2012. The summary from the vendor can be found at here. A list of issues reported, along with SonicWALL coverage information follows:

MS12-023 Cumulative Security Update for Internet Explorer (2675157)

  • CVE-2012-0168 Print Feature Remote Code Execution Vulnerability
    No public information is available.
  • CVE-2012-0169 JScript9 Remote Code Execution Vulnerability
    Race condition, not detetable on the wire.
  • CVE-2012-0170 OnReadyStateChange Remote Code Execution Vulnerability
    IPS: 7694
  • CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
    IPS: 7695
  • CVE-2012-0172 VML Style Remote Code Execution Vulnerability
    IPS: 7696

MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956)

  • CVE-2012-0151 WinVerifyTrust Signature Validation Vulnerability
    SPY: 3583

MS12-025 Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)

  • CVE-2012-0163 .NET Framework Parameter Validation Vulnerability
    SPY: 3584

MS12-026 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

  • CVE-2012-0146 UAG Blind HTTP Redirect Vulnerability
    No public information is available.
  • CVE-2012-0147 Unfiltered Access to UAG Default Website Vulnerability
    Cannot distinguish between normal and attack traffic.

MS12-027 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)

  • CVE-2012-0177 Office WPS Converter Heap Overflow Vulnerability
    SPY: 3582
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.