Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its December batch of patches:


  • (MS12-077) Cumulative Security Update for Internet Explorer (2761465)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Internet Explorer. When successfully exploited via a specially crafted web page, it could result to remote code execution thus compromising the security of the infected system. Read more here.


  • (MS12-078) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
    Risk Rating: Critical

    This patch addresses two vulnerabilities in Microsoft Windows that when exploited could result to remote code execution. It can be exploited via a specially crafted document or through a malicious website with embedded TrueType or OpenType font files. Read more here.


  • (MS12-079) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
    Risk Rating: Critical

    This patch addresses a vulnerability in Microsoft Office that could result in remote code execution when successfully exploited via a specially crafted .RTF file. Read more here.


  • (MS12-080) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Microsoft Exchange Server, which could allow remote code execution on the transcoding service on the Exchange server via a specially crafted file using Outlook Web App (OWA). Read more here.


  • (MS12-081) Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
    Risk Rating: Critical

    This patch addresses a vulnerability in Microsoft Windows, which could be exploited when a users browses a folder/file with a specially crafted filename. Read more here.


  • (MS12-082) Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Windows, which could allow remote code execution thus compromising the security of the infected system. Read more here.


  • (MS12-083) Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Windows, which could bypass the security feature via a revoked certificate to an IP-HTTPS server used in Microsoft DirectAccess deployments. Read more here.


Microsoft addresses the following vulnerabilities in its November batch of patches:


  • (MS12-071) Cumulative Security Update for Internet Explorer (2761451)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Internet Explorer that could allow remote code execution via a specially crafted web page. Read more here.


  • (MS12-072) Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Microsoft Windows, which could allow remote code execution via a specially crafted briefcase in Windows Explorer. Read more here.


  • (MS12-073) Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)
    Risk Rating: Medium

    This patch addresses two vulnerabilities affecting Microsoft Internet Information Services (IIS). Read more here.


  • (MS12-074) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
    Risk Rating: Critical

    This patch addresses vulnerabilities existing in the .NET Framework. Read more here.


  • (MS12-075) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
    Risk Rating: Critical
    This patch addresses vulnerabilities affecting Microsoft Windows. Read more here.


  • (MS12-076) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
    Risk Rating: Important

    This patch addresses vulnerabilities existing in Microsoft Office, which could allow remote code execution once users opens a specially crafted Excel file. Read more here.


Microsoft addresses the following vulnerabilities in its October batch of patches:


  • (MS12-064) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
    Risk Rating: Critical

    This security update addresses vulnerabilities affecting Microsoft Office. When successfully exploited, it could allow remote code execution via a specially crafted .RTF file. Read more here.


  • (MS12-065) Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
    Risk Rating: Important

    This patch addresses a vulnerability affecting Microsoft Works that exists in Microsoft Works 9. Read more here.


  • (MS12-066) Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
    Risk Rating: Important

    This patch addresses a vulnerability affecting Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. Read more here.


  • (MS12-067) Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
    Risk Rating: Important

    This patch addresses vulnerabilities existing in Microsoft FAST Search Server 2010 for SharePoint. When exploited, it could allow remote code execution in the security context (user accounts) with a token. Read more here.


  • (MS12-068) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
    Risk Rating: Important

    This patch addresses a vulnerability existing in all supported releases of Microsoft Windows with the exception of Windows 8 and Windows Server 2012. Read more here.


  • (MS12-069) Vulnerability in Kerberos Could Allow Denial of Service (2743555)
    Risk Rating: Important

    This patch addresses a vulnerability existing in Microsoft Windows. It could allow denial of service attacks when a remote attacker sends a specially crafted request to the Kerberos server. Read more here.


  • (MS12-070) Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
    Risk Rating: Important

    This patch addresses a vulnerability existing in Microsoft SQL Server on systems with SQL Server Reporting Services (SSRS). It is a cross-site scripting vulnerability that could allow attackers to execute arbitrary commands on the SSRS site. Read more here.


(MS12-063) Cumulative Security Update for Internet Explorer (2744842)
 Severity:    
 Advisory Date:  21 Sep 2012

This security update addresses one publicly disclosed and four privately reported vulnerabilities in Internet Explorer versions 6, 7, 8, and 9. The most severe of the vulnerabilities was found able to allow arbitrary code execution when exploited. This same vulnerability was earlier reported to have been used in targeted attacks and leading to remote access tools (RATs).

Additional details of the mentioned vulnerability can be found here:

A remote code execution vulnerability in Internet Explorer versions 6, 7, 8, and 9 is being used in some targeted attacks. Visiting a website or webpage where the exploit is hosted may automatically run the exploit. Trend Micro detects the exploit as HTML_EXPDROP.II.

Note that this vulnerability does not affect Internet Explorer 10. The following Windows Server Core Installations are also not affected:

  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2012

Microsoft addresses the following vulnerabilities in its September batch of patches:



  • ((MS12-061) Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
    Risk Rating: Important

    This bulletin addresses a cross-site scripting vulnerability found in Visual Studio Team Foundation Server. Read more here.


  • (MS12-062) Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
    Risk Rating: Important

    This bulletin resolves a cross-site scripting (XSS) vulnerability found in certain versions of System Center Configuration Manager. Read more here.

Microsoft addresses the following vulnerabilities in its August batch of patches:



  • (MS12-052) Cumulative Security Update for Internet Explorer (2722913)
    Risk Rating: Critical

    This bulletin patches four identified vulnerabilities that exist in version 6-9 of the Internet Explorer browser. Attackers looking to exploit these vulnerabilities lures users to open or view a specially crated webpage. Read more here.


  • (MS12-053) Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
    Risk Rating: Critical

    Microsoft issues a patch that resolves a vulnerability found in the Remote Desktop Protocol (RDP) in Windows XP SP3 systems. The vulnerability exists in the way deleted objects are accessed by RDP. Read more here.


  • (MS12-054) Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
    Risk Rating: Critical

    This bulletin resolves four vulnerabilities that exist in the Windows networking components and print spooler. Exploitation of these vulnerabilities involves an attacker sending a specially crated response to a Windows print/networking request. Read more here.


  • (MS12-055) Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
    Risk Rating: Important

    This patch resolves an elevation of privilege vulnerability found in the handling of objects in memory done by the Windows kernel-mode driver. Read more here.


  • (MS12-056) Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)
    Risk Rating: Important

    This bulletin resolves a remote code execution vulnerability found in the scripting engines JScript and VBScript in Windows 64-bit systems. Read more here.


  • (MS12-057) Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
    Risk Rating: Important

    Microsoft issues a patch that resolves a remote code execution vulnerability existing in several versions of MS Office. Read more here.


  • (MS12-058) Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
    Risk Rating: Critical

    This patch resolves several vulnerabilities that are present in the Microsoft Exchange Server WebReady Document View feature. Attackers who are looking to exploit this vulnerability may send a specially crafted file that can be viewed by a user using the Outlook Web Access in a browser. Read more here.


  • (MS12-059) Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918)
    Risk Rating: Important

    Microsoft issues a patch for a remote code execution vulnerability that exists in the way certain versions of MS Visio parses specially crafted files. Read more here.


  • (MS12-060) Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
    Risk Rating: Critical

    This update resolves a vulnerability in MSCOMCTL.OCX, which is found in a host of Microsoft products. When successfully exploited, the vulnerability allows an attacker to remotely execute any code on the vulnerable system. Read more here.


Microsoft addresses the following vulnerabilities in its July batch of patches:



  • (MS12-043) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
    Risk Rating: Critical

    This update resolves a vulnerability that exists in version of Microsoft XML Core Services that could allow remote code execution when successfully exploited. More information is found here.


  • (MS12-044) Cumulative Security Update for Internet Explorer (2719177)
    Risk Rating: Critical

    This update resolves two vulnerabilities that may allow remote code execution when successfully exploited on affected systems. Read more here.


  • (MS12-045) Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
    Risk Rating: Critical

    This update resolves a vulnerability that exists in Microsoft Data Access Components. The vulnerability lies in the way that MDAC attempt to access improperly initialized objects in memory. Read more here.


  • (MS12-046) Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
    Risk Rating: Important

    This update resolves the vulnerability that exists in the handling of DLL files in Microsoft Visual Basic for Applications. More information can be found here.


  • (MS12-047) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
    Risk Rating: Important

    This update resolves two privilege elevation vulnerabilities that exist in Windows Kernel. Read more here.


  • (MS12-048) Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
    Risk Rating: Important

    This update resolves the vulnerability that exists in Windows operating systems' way in handling files and folder names. Read more here.


  • (MS12-049) Vulnerability in TLS Could Allow Information Disclosure (2655992)
    Risk Rating: Important

    This update resolves the information disclosure vulnerability that exists in TLS protocol in Windows. Read more here.


  • (MS12-050) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
    Risk Rating: Important

    This update resolves several vulnerabilities affecting InfoPath, SharePoint Server, SharePoint Services, SharePoint Foundation, Groove Server, and MS Office Web Apps. Read more here.


  • (MS12-051) Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
    Risk Rating: Important

    This update resolves a vulnerability identified in MS Office for Mac that could allow remote code execution when successfully exploited. Read more here.


Microsoft addresses the following vulnerabilities in its June batch of patches:



  • (MS12-036) Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
    Risk Rating: Critical

    A vulnerability in the Remote Desktop Protocol (RDP) exists in the way that it accesses an object in memory that changed or is deleted. More information is found here.


  • (MS12-037) Cumulative Security Update for Internet Explorer (2699988)
    Risk Rating: Critical

    This update resolves several vulnerabilities in Internet Explorer versions 6 to 9. Successfully exploiting any of the vulnerabilities allows an attacker to execute code of choice on the affected system. Read more here.


  • (MS12-038) Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
    Risk Rating: Critical

    When exploited, a vulnerability in several versions of Microsoft .NET Framework could allow an attacker to execute code remotely. Logged on users with administrative rights are highly impacted by this vulnerability. Read more here.


  • (MS12-039) Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
    Risk Rating: Important

    This update corrects vulnerabilities existing in the handling of TrueType fonts, loading of external library files, and sanitizing HTML content by a specific function in Lync. More information can be found here.


  • (MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
    Risk Rating: Important

    A cross-site scripting vulnerability in Microsoft Dynamics AX Enterprise Portal. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit to the said vulnerability. Read more here.


  • (MS12-041) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
    Risk Rating: Important

    This update resolves five vulnerabilities in Windows, all of which allows elevation of privilege when successfully exploited. Read more here.


  • (MS12-042) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
    Risk Rating: Important

    This update corrects handling of system requests done by Windows User Mode Scheduler and managing BIOS ROM. Read more here.


Microsoft reports a vulnerability that exists in several versions of Microsoft XML Core Services. The vulnerability exists when MSXML attempts to access an object in memory that is not present. Attackers who attempt to exploit the said vulnerability must lure potential targets to view a specially crafted webpage using Internet Explorer. Typically, attackers may use social engineering lures to get users to click on a link contained in an email or an instant message. Attackers who successfully exploit this vulnerability may execute code on the affected system.



Note that Microsoft specifies that Internet Explorer on the following Windows operating systems successfully mitigates this vulnerability:

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2