SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2012. A list of issues reported, along with SonicWALL coverage information follows:

MS12-036 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

• CVE-2012-0173 Remote Desktop Protocol Vulnerability
  There is no feasible method of detection at gateway level.

MS12-037 Cumulative Security Update for Internet Explorer (2699988)

• CVE-2012-1523 Center Element Remote Code Execution Vulnerability
  IPS: 7959 – Microsoft IE Center Element Exploit

• CVE-2012-1858 HTML Sanitization Vulnerability
  IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32

• CVE-2012-1872 EUC-JP Character Encoding Vulnerability
  There is no feasible method of detection.

• CVE-2012-1873 Null Byte Information Disclosure Vulnerability
  IPS: 7961 – Microsoft IE Null Byte Information Disclosure Exploit

• CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
  IPS: 7962 – Microsoft IE Developer Toolbar Memory Corruption

• CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
  IPS: 7963 – Microsoft IE Same ID Property Exploit

• CVE-2012-1876 Col Element Remote Code Execution Vulnerability
  IPS: 7454 – HTTP Client Shellcode Exploit 35a

• CVE-2012-1877 Title Element Change Remote Code Execution Vulnerability
  GAV: 20231 – Malformed-File html.MP.5

• CVE-2012-1878 OnBeforeDeactivate Event Remote Code Execution Vulnerability
  GAV: 20228 – Malformed-File html.MP.4

• CVE-2012-1879 insertAdjacentText Remote Code Execution Vulnerability
  IPS: 4665 – HTTP Client Shellcode Exploit 13a

• CVE-2012-1880 insertRow Remote Code Execution Vulnerability
  GAV: 20227 – Malformed-File html.MP.3

• CVE-2012-1881 OnRowsInserted Event Remote Code Execution Vulnerability
  GAV: 20225 – Malformed-File html.MP.2

• CVE-2012-1882 Scrolling Events Information Disclosure Vulnerability
  There is no feasible method of detection.

MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

• CVE-2012-1855 .NET Framework Memory Access Vulnerability
  IPS: 7964 – Malformed ZIP File 12

MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

• CVE-2011-3402 TrueType Font Parsing Vulnerability
  GAV: 19421 – Malformed.ttf.MP.1

• CVE-2012-0159 TrueType Font Parsing Vulnerability
  GAV: 18601 – Malformed-File ttf.MP.2

• CVE-2012-1849 Lync Insecure Library Loading Vulnerability
  IPS: 1023 – Binary Planting Attempt 1
  IPS: 5726 – Binary Planting Attempt 2
  IPS: 6847 – Binary Planting Attempt 3

• CVE-2012-1858 HTML Sanitization Vulnerability
  IPS: 7960 – Cross-Site Scripting (XSS) Attempt 32

MS12-040 Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

• CVE-2012-1857 Dynamics AX Enterprise Portal XSS Vulnerability
  IPS: 1369 – Cross-Site Scripting (XSS) Attempt 1

MS12-041 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)

• CVE-2012-1864 String Atom Class Name Handling Vulnerability
  This is a local elevation of privilege vulnerability.

• CVE-2012-1865 String Atom Class Name Handling Vulnerability
  This is a local elevation of privilege vulnerability.

• CVE-2012-1866 Clipboard Format Atom Name Handling Vulnerability
  This is a local elevation of privilege vulnerability.

• CVE-2012-1867 Font Resource Refcount Integer Overflow Vulnerability
  This is a local elevation of privilege vulnerability.

• CVE-2012-1868 Win32k.sys Race Condition Vulnerability
  This is a local elevation of privilege vulnerability.

MS12-042 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

• CVE-2012-0217 User Mode Scheduler Memory Corruption Vulnerability
  This
  is a local elevation of privilege vulnerability.

• CVE-2012-1515 BIOS ROM Corruption Vulnerability
  This is a local elevation of privilege vulnerability.

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2719615)

• CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
  IPS: 7967 – ACTIVEX Suspicious ActiveX Method 7
  IPS: 7968 – ACTIVEX Suspicious ActiveX Method 8
  IPS: 7969 – ACTIVEX Suspicious ActiveX Method 9
  IPS: 7970 – ACTIVEX Suspicious ActiveX Method 10
  IPS: 7971 – ACTIVEX Suspicious ActiveX Method 11

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)

• CVE-2011-3402 TrueType Font Parsing Vulnerability
  GAV: Malformed.ttf.MP.1

MS11-088 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)

• CVE-2011-2010 Pinyin IME Elevation Vulnerability
  This is a local vulnerability.

MS11-089 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)

• CVE-2011-1983 Word Use After Free Vulnerability
  GAV: Malformed.doc.MP.4

MS11-090 Cumulative Security Update of ActiveX Kill Bits (2618451)

• CVE-2011-3397 Microsoft Time Remote Code Execution Vulnerability
  IPS: 7224 – MS IE Time Element Remote Code Execution 1
  IPS: 7225 – MS IE Time Element Remote Code Execution 2

MS11-091 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)

• CVE-2011-1508 Publisher Function Pointer Overwrite Vulnerability
  No details available.

• CVE-2011-3410 Publisher Out-of-bounds Array Index Vulnerability
  IPS: 7226 – Malformed Publisher Document 3b

• CVE-2011-3411 Publisher Invalid Pointer Vulnerability
  IPS: 7227 – Malformed Publisher Document 4b

• CVE-2011-3412 Publisher Memory Corruption Vulnerability
  IPS: 7228 – Malformed Publisher Document 5b

MS11-092 Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)

• CVE-2011-3401 Windows Media Player DVR-MS Memory Corruption Vulnerability
  GAV: MsApp.Exp.MP.2

MS11-093 Vulnerability in OLE Could Allow Remote Code Execution (2624667)

• CVE-2011-3400 OLE Property Vulnerability
  IPS: 7230 – Malformed Visio Document 4b

MS11-094 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)

• CVE-2011-3396 PowerPoint Insecure Library Loading Vulnerability
  IPS: 5726 – Possible Binary Planting Attempt 1
  IPS: 1023 – Possible Binary Planting Attempt 2
  IPS: 6847 – Possible Binary Planting Attempt 3

• CVE-2011-3413 OfficeArt Shape RCE Vulnerability
  GAV: Malformed.ppt.MP.2

MS11-095 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

• CVE-2011-3396 PowerPoint Insecure Library Loading Vulnerability
  It is not possible to distinguish attack from normal traffic.

MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)

• CVE-2011-3403 Record Memory Corruption Vulnerability
  GAV: Malformed.xls.MP.11

MS11-097 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)

• CVE-2011-3408 CSRSS Local Privilege Elevation Vulnerability
  This is a local vulnerability.

MS11-098 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)

• CVE-2011-2018 Windows Kernel Exception Handler Vulnerability
  This is a local vulnerability.

MS11-099 Cumulative Security Update for Internet Explorer (2618444)

• CVE-2011-1992 XSS Filter Information Disclosure Vulnerability
  This is a cross domain vulnerability. It is not possible to distinguish attack from normal traffic.

• CVE-2011-2019 Internet Explorer Insecure Library Loading Vulnerability
  IPS: 5726 – Possible Binary Planting Attempt 1
  IPS: 1023 – Possible Binary Planting Attempt 2
  IPS: 6847 – Possible Binary Planting Attempt 3

• CVE-2011-3404 Content-Disposition Information Disclosure Vulnerability
  It is not possible to distinguish attack from normal traffic.