Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its July batch of patches:



  • (MS12-043) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
    Risk Rating: Critical

    This update resolves a vulnerability in versions of Microsoft XML Core Services that could allow remote code execution when successfully exploited. More information is found here.


  • (MS12-044) Cumulative Security Update for Internet Explorer (2719177)
    Risk Rating: Critical

    This update resolves two vulnerabilities that may allow remote code execution when successfully exploited on affected systems. Read more here.


  • (MS12-045) Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
    Risk Rating: Critical

    This update resolves a vulnerability that exists in Microsoft Data Access Components (MDAC). The vulnerability lies in the way that MDAC attempts to access improperly initialized objects in memory. Read more here.


  • (MS12-046) Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
    Risk Rating: Important

    This update resolves the vulnerability that exists in the handling of DLL files in Microsoft Visual Basic for Applications. More information can be found here.


  • (MS12-047) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
    Risk Rating: Important

    This update resolves two privilege elevation vulnerabilities that exist in Windows Kernel. Read more here.


  • (MS12-048) Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
    Risk Rating: Important

    This update resolves the vulnerability that exists in the way Windows operating systems handle file and folder names. Read more here.


  • (MS12-049) Vulnerability in TLS Could Allow Information Disclosure (2655992)
    Risk Rating: Important

    This update resolves the information disclosure vulnerability that exists in the TLS protocol in Windows. Read more here.


  • (MS12-050) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
    Risk Rating: Important

    This update resolves several vulnerabilities affecting InfoPath, SharePoint Server, SharePoint Services, SharePoint Foundation, Groove Server, and MS Office Web Apps. Read more here.


  • (MS12-051) Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
    Risk Rating: Important

    This update resolves a vulnerability identified in MS Office for Mac that could allow remote code execution when successfully exploited. Read more here.


Microsoft addresses the following vulnerabilities in its June batch of patches:



  • (MS12-036) Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
    Risk Rating: Critical

    A vulnerability in the Remote Desktop Protocol (RDP) exists in the way that it accesses an object in memory that has changed or been deleted. More information is found here.


  • (MS12-037) Cumulative Security Update for Internet Explorer (2699988)
    Risk Rating: Critical

    This update resolves several vulnerabilities in Internet Explorer versions 6 to 9. Successfully exploiting any of the vulnerabilities allows an attacker to execute code of choice on the affected system. Read more here.


  • (MS12-038) Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
    Risk Rating: Critical

    When exploited, a vulnerability in several versions of Microsoft .NET Framework could allow an attacker to execute code remotely. Logged-on users with administrative rights are highly impacted by this vulnerability. Read more here.


  • (MS12-039) Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
    Risk Rating: Important

    This update corrects vulnerabilities existing in the handling of TrueType fonts, loading of external library files, and sanitizing HTML content by a specific function in Lync. More information can be found here.


  • (MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
    Risk Rating: Important

    A cross-site scripting vulnerability exists in Microsoft Dynamics AX Enterprise Portal. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit for the said vulnerability. Read more here.


  • (MS12-041) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
    Risk Rating: Important

    This update resolves five vulnerabilities in Windows, all of which allow elevation of privilege when successfully exploited. Read more here.


  • (MS12-042) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
    Risk Rating: Important

    This update corrects how the Windows User Mode Scheduler handles system requests and how Windows manages BIOS ROM. Read more here.


Microsoft reports a vulnerability that exists in several versions of Microsoft XML Core Services. The vulnerability exists when MSXML attempts to access an object in memory that is not present. Attackers who attempt to exploit the said vulnerability must lure potential targets to view a specially crafted webpage using Internet Explorer. Typically, attackers may use social engineering lures to get users to click on a link contained in an email or an instant message. Attackers who successfully exploit this vulnerability may execute code on the affected system.



Note that Microsoft specifies that Internet Explorer on the following Windows operating systems successfully mitigates this vulnerability:

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2

Microsoft addresses the following vulnerabilities in its May batch of patches:



  • (MS12-029) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
    Risk Rating: Critical

    A vulnerability exists in the way affected versions of MS Office parse RTF data. An attacker could send a target a specially crafted RTF file to exploit this vulnerability. More information is found here.


  • (MS12-030) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
    Risk Rating: Important

    This security update resolves a vulnerability found in the Windows Authenticode Signature Verification. The vulnerability exists in the way the said function verifies portable executable (PE) files. Read more here.


  • (MS12-031) Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
    Risk Rating: Important

    A vulnerability in the way MS Visio handles specially crafted files could allow an attacker to take control of the vulnerable system. Logged on users that have lesser privileges on the affected system are less impacted by the effects of this vulnerability. Read more here.


  • (MS12-032) Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
    Risk Rating: Important

    This update resolves the two vulnerabilities in affected Windows versions. When exploited, the more critical of these vulnerabilities could allow an attacker to elevate his privileges on the affected computer. More information can be found here.


  • (MS12-033) Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
    Risk Rating: Important

    A vulnerability in the way Windows Partition Manager handles device relation requests could allow an attacker to run code on an affected system. When successfully exploited, the attacker can run programs or change data. Read more here.


  • (MS12-034) Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
    Risk Rating: Critical

    This bulletin addresses a number of vulnerabilities reported for Windows, MS Office, .NET Framework, and Silverlight. It replaces several earlier bulletins issued for some vulnerabilities. Read more here.


  • (MS12-035) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
    Risk Rating: Critical

    This update resolves vulnerabilities in some versions of the .NET Framework. When a vulnerable system accesses a specially crafted webpage via a browser that runs XAML Browser Applications (XBAPs), the system may be exploited by an attacker to execute code remotely. Read more here.


Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
 Advisory Date:  04 May 2012
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.

Microsoft addresses the following vulnerabilities in its April batch of patches:



  • (MS12-023) Cumulative Security Update for Internet Explorer (2675157)
    Risk Rating: Critical

    This security update resolves several reported vulnerabilities found in Internet Explorer 6, 7, 8, and 9. Any of the said versions of Internet Explorer installed on normal Windows operating systems is more vulnerable than the same version installed on Windows server operating systems. More information is found here.


  • (MS12-024) Vulnerability in Windows Could Allow Remote Code Execution (2653956)
    Risk Rating: Critical

    This security update resolves a vulnerability found in the Windows Authenticode Signature Verification. The vulnerability exists in the way the said function verifies portable executable (PE) files. Read more here.


  • (MS12-025) Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
    Risk Rating: Critical

    This security update resolves a vulnerability found in the .NET Framework that when exploited could allow remote code execution. The vulnerability exists on several versions of .NET Framework installed on specific Windows operating systems. Read more here.


  • (MS12-026) Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
    Risk Rating: Important

    Two vulnerabilities found in several versions of Microsoft Forefront Unified Access Gateway 2010 are resolved by applying this particular update. When exploited, one of the vulnerabilities may allow information disclosure. More information can be found here.


  • (MS12-027) Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
    Risk Rating: Critical

    This particular security update resolves a vulnerability in Windows common controls. The said function is found in several Microsoft applications. When the vulnerability is successfully exploited, a remote attacker could execute code on the vulnerable system. Read more here.


  • (MS12-028) Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
    Risk Rating: Important

    A vulnerability found in Microsoft Office 2007 and Microsoft Works is solved by applying this particular update. Users who do not have administrator privileges on an affected system are less affected by this vulnerability. Read more here.


This security update addresses two privately reported vulnerabilities in the Remote Desktop Protocol, which may result in code execution if an attacker sends specially crafted RDP packets to an affected system. The Remote Desktop Protocol (RDP) is not enabled by default on Windows operating systems, so systems that do not have RDP enabled are not affected.

There are reports indicating the emergence of proof of concept code in the wild. Trend Micro is able to provide solutions against PoC code related to this vulnerability.

Below are details of the two vulnerabilities:

Microsoft Bulletin ID | Vulnerability ID
MS12-020 | Remote Desktop Protocol Vulnerability (CVE-2012-0002)
MS12-020 | Terminal Server Denial of Service Vulnerability (CVE-2012-0152)

Microsoft addresses the following vulnerabilities in its March batch of patches:

  • (MS12-017) Vulnerability in DNS Server Could Allow Denial of Service (2647170)
    Risk Rating: Important

    This update resolves a privately reported vulnerability in Microsoft Windows that could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server. Read more here.


  • (MS12-018) Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
    Risk Rating: Important

    This update resolves a privately reported vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Read more here.


  • (MS12-019) Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
    Risk Rating: Medium

    This update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. Read more here.


  • (MS12-020) Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
    Risk Rating: Critical

    This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. Read more here.


  • (MS12-021) Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
    Risk Rating: Important

    This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. Read more here.


  • (MS12-022) Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
    Risk Rating: Important

    This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Read more here.


Microsoft addresses the following vulnerabilities in its February batch of patches:

  • (MS12-008) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
    Risk Rating: Critical

    This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. Read more here.


  • (MS12-009) Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
    Risk Rating: Important

    This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. Read more here.


  • (MS12-010) Cumulative Security Update for Internet Explorer (2647516)
    Risk Rating: Critical

    This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. Read more here.


  • (MS12-011) Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
    Risk Rating: Important

    This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. Read more here.


  • (MS12-012) Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
    Risk Rating: Important

    This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. Read more here.


  • (MS12-013) Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
    Risk Rating: Critical

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. Read more here.


  • (MS12-014) Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
    Risk Rating: Important

    This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. Read more here.


  • (MS12-015) Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
    Risk Rating: Important

    This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. Read more here.


  • (MS12-016) Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
    Risk Rating: Critical

    This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. Read more here.


Microsoft addresses the following vulnerabilities in its January batch of patches:

  • (MS12-001) Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
    Risk Rating: Important

    This vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability. Read more here.


  • (MS12-002) Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
    Risk Rating: Important

    This vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. Read more here.


  • (MS12-003) Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
    Risk Rating: Important

    This vulnerability allows elevation of privilege if an attacker logs onto an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. Read more here.


  • (MS12-004) Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
    Risk Rating: Critical

    The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the local user. Read more here.


  • (MS12-005) Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
    Risk Rating: Important

    This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. Read more here.


  • (MS12-006) Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
    Risk Rating: Important

    This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. Read more here.


  • (MS12-007) Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
    Risk Rating: Important

    This vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. Read more here.