Microsoft Security Bulletin Coverage (July 10, 2012)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of July, 2012. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS12-043 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

• CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
  IPS: 7967 – Microsoft XML Core Services Uninitialized Object Access 1

MS12-044 Cumulative Security Update for Internet Explorer (2719177)

• CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
  IPS: 8124 – HTTP Client Shellcode Exploit 70a
• CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
  IPS: 8120 – Suspicious Javascript Attribute Remove Code

MS12-045 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

• CVE-2012-1891 ADO Cachesize Heap Overflow RCE Vulnerability
  IPS: 8119 – Microsoft ADO Cachesize Heap Overflow Exploit

MS12-046 Vulnerabilities in Visual Basic for Applications Could Allow Remote Code Execution (27907960)

• CVE-2012-1854 Visual Basic for Applications Insecure Library Loading Vulnerability
  IPS: 1023 – Binary Planting Attempt 1
  IPS: 5726 – Binary Planting Attempt 2
  IPS: 6847 – Binary Planting Attempt 3

MS12-047 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)

• CVE-2012-1890 Keyboard Layout Vulnerability
  This is a local vulnerability. There is no feasible method of detection at gateway level.
• CVE-2012-1893 Win32k Incorrect Type Handling Vulnerability
  This is a local vulnerability. There is no feasible method of detection at gateway level.

MS12-048 Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

• CVE-2012-0175 Command Injection Vulnerability
  IPS: 8118 – Suspicious Filename Transfer Through SMB

MS12-049 Vulnerability in TLS Could Allow Information Disclosure (2655992)

• CVE-2012-1870 TLS Protocol Vulnerability
  There is no feasible method of detection at gateway level.

MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

• CVE-2012-1858 HTML Sanitization Vulnerability
  IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32
• CVE-2012-1859 XSS scriptresx.ashx Vulnerability
  IPS: 1849 – Cross-Site Scripting (XSS) Attempt 20
• CVE-2012-1860 Sharepoint Search Scope Vulnerability
  There is no feasible method of detection at gateway level.
• CVE-2012-1861 SharePoint Script in Username Vulnerability
  There is no feasible method of detection at gateway level.
• CVE-2012-1863 Sharepoint Reflected List Parameter Vulnerability
  IPS: 1849 – Cross-Site Scripting (XSS) Attempt 20

MS12-051 Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

• CVE-2012-1894 Office for Mac Improper Folder Permissions Vulnerability
  There is no feasible method of detection at gateway level.

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.