Security News

Microsoft Security Bulletin Coverage (Dec 11, 2012)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2012. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS12-077 Cumulative Security Update for Internet Explorer

  • CVE-2012-4781 InjectHTMLStream Use After Free Vulnerability
    Attack cannot be detected on the wire.
  • CVE-2012-4782 CMarkup Use After Free Vulnerability
    Attack cannot be detected on the wire.
  • CVE-2012-4787 Improper Ref Counting Use After Free Vulnerability
    IPS:9341 – Windows IE Improper Ref Counting Use After Free Exploit

MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

  • CVE-2012-2556 OpenType Font Parsing Vulnerability
    GAV:Malformed.otf.MP.8
  • CVE-2012-4786 TrueType Font Parsing Vulnerability
    No known exploits exist in the wild.

MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution

  • CVE-2012-2539 Word RTF ‘listoverridecount’ Remote Code Execution Vulnerability
    IPS:9342 – MS Word RTF listoverridecount Memory Corruption Exploit

MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

  • CVE-2012-3214 Oracle Outside In Technology Vulnerability
    Local vulnerability.
  • CVE-2012-3217 Oracle Outside In Technology Vulnerability
    Local vulnerability.
  • CVE-2012-4791 RSS Feed May Cause Exchange DoS Vulnerability
    Attack cannot be detected on the wire.

MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution

  • CVE-2012-4774 Windows Filename Parsing Vulnerability
    IPS:9346 – MS Windows Filename Parsing Exploit

MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution

  • CVE-2012-1537 DirectPlay Heap Overflow Vulnerability
    IPS:9347 – Suspicious Office Document 1 IPS:9348 – Suspicious Office Document 2 IPS:9349 – Suspicious Office Document 3 IPS:9350 – Suspicious Office Document 4 IPS:9351 – Suspicious Office Document 5 IPS:9352 – Suspicious Office Document 6 IPS:9353 – Suspicious Office Document 7

MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

  • CVE-2012-2549 Revoked Certificate Bypass Vulnerability
    Attack cannot be detected on the wire.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Data stealing trojan found in the wild (August 14, 2015)
Cyber Security News & Trends – 01-18-19
New Phishing campaign targets Bank of America Merrill Lynch customers
Android Malware stealing user information (Oct 14, 2011)
Adobe Embedded JBIG2 Stream BO (Feb 27, 2009)
Microsoft IE Zero day CVE-2018-8653
Microsoft SharePoint server flaw CVE-2019-0604 actively being exploited in the wild
This Ransomware is still in the Christmas spirit (Jan 10, 2017)