Microsoft Security Bulletin Coverage (Jun 12, 2012)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2012. A list of issues reported, along with SonicWALL coverage information follows:

MS12-036 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

  • CVE-2012-0173 Remote Desktop Protocol Vulnerability
    There is no feasible method of detection at gateway level.

MS12-037 Cumulative Security Update for Internet Explorer (2699988)

  • CVE-2012-1523 Center Element Remote Code Execution Vulnerability
    IPS: 7959 – Microsoft IE Center Element Exploit
  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
  • CVE-2012-1872 EUC-JP Character Encoding Vulnerability
    There is no feasible method of detection.
  • CVE-2012-1873 Null Byte Information Disclosure Vulnerability
    IPS: 7961 – Microsoft IE Null Byte Information Disclosure Exploit
  • CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
    IPS: 7962 – Microsoft IE Developer Toolbar Memory Corruption
  • CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
    IPS: 7963 – Microsoft IE Same ID Property Exploit
  • CVE-2012-1876 Col Element Remote Code Execution Vulnerability
    IPS: 7454 – HTTP Client Shellcode Exploit 35a
  • CVE-2012-1877 Title Element Change Remote Code Execution Vulnerability
    GAV: 20231 – Malformed-File html.MP.5
  • CVE-2012-1878 OnBeforeDeactivate Event Remote Code Execution Vulnerability
    GAV: 20228 – Malformed-File html.MP.4
  • CVE-2012-1879 insertAdjacentText Remote Code Execution Vulnerability
    IPS: 4665 – HTTP Client Shellcode Exploit 13a
  • CVE-2012-1880 insertRow Remote Code Execution Vulnerability
    GAV: 20227 – Malformed-File html.MP.3
  • CVE-2012-1881 OnRowsInserted Event Remote Code Execution Vulnerability
    GAV: 20225 – Malformed-File html.MP.2
  • CVE-2012-1882 Scrolling Events Information Disclosure Vulnerability
    There is no feasible method of detection.

MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

  • CVE-2012-1855 .NET Framework Memory Access Vulnerability
    IPS: 7964 – Malformed ZIP File 12

MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

  • CVE-2011-3402 TrueType Font Parsing Vulnerability
    GAV: 19421 – Malformed.ttf.MP.1
  • CVE-2012-0159 TrueType Font Parsing Vulnerability
    GAV: 18601 – Malformed-File ttf.MP.2
  • CVE-2012-1849 Lync Insecure Library Loading Vulnerability
    IPS: 1023 – Binary Planting Attempt 1
    IPS: 5726 – Binary Planting Attempt 2
    IPS: 6847 – Binary Planting Attempt 3
  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32

MS12-040 Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

  • CVE-2012-1857 Dynamics AX Enterprise Portal XSS Vulnerability
    IPS: 1369 – Cross-Site Scripting (XSS) Attempt 1

MS12-041 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)

  • CVE-2012-1864 String Atom Class Name Handling Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1865 String Atom Class Name Handling Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1866 Clipboard Format Atom Name Handling Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1867 Font Resource Refcount Integer Overflow Vulnerability
    This is a local elevation of privilege vulnerability.
  • CVE-2012-1868 Win32k.sys Race Condition Vulnerability
    This is a local elevation of privilege vulnerability.

MS12-042 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

  • CVE-2012-0217 User Mode Scheduler Memory Corruption Vulnerability
    This
    is a local elevation of privilege vulnerability.
  • CVE-2012-1515 BIOS ROM Corruption Vulnerability
    This is a local elevation of privilege vulnerability.

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2719615)

  • CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
    IPS: 7967 – ACTIVEX Suspicious ActiveX Method 7
    IPS: 7968 – ACTIVEX Suspicious ActiveX Method 8
    IPS: 7969 – ACTIVEX Suspicious ActiveX Method 9
    IPS: 7970 – ACTIVEX Suspicious ActiveX Method 10
    IPS: 7971 – ACTIVEX Suspicious ActiveX Method 11
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.