June 2012 - Microsoft Releases 7 Security Advisories

  Severity: HIGH
  Advisory Date: JUN 12, 2012

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its June batch of patches:



  • (MS12-036) Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
    Risk Rating: Critical

    A vulnerability in the Remote Desktop Protocol (RDP) exists in the way that it accesses an object in memory that changed or is deleted. More information is found here.


  • (MS12-037) Cumulative Security Update for Internet Explorer (2699988)
    Risk Rating: Critical

    This update resolves several vulnerabilities in Internet Explorer versions 6 to 9. Successfully exploiting any of the vulnerabilities allows an attacker to execute code of choice on the affected system. Read more here.


  • (MS12-038) Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
    Risk Rating: Critical

    When exploited, a vulnerability in several versions of Microsoft .NET Framework could allow an attacker to execute code remotely. Logged on users with administrative rights are highly impacted by this vulnerability. Read more here.


  • (MS12-039) Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
    Risk Rating: Important

    This update corrects vulnerabilities existing in the handling of TrueType fonts, loading of external library files, and sanitizing HTML content by a specific function in Lync. More information can be found here.


  • (MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
    Risk Rating: Important

    A cross-site scripting vulnerability in Microsoft Dynamics AX Enterprise Portal. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit to the said vulnerability. Read more here.


  • (MS12-041) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
    Risk Rating: Important

    This update resolves five vulnerabilities in Windows, all of which allows elevation of privilege when successfully exploited. Read more here.


  • (MS12-042) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
    Risk Rating: Important

    This update corrects handling of system requests done by Windows User Mode Scheduler and managing BIOS ROM. Read more here.


  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.

Microsoft Bulletin ID Vulnerability ID Rule Number & Title Deep Security Pattern Version Deep Security Pattern Release Date
MS12-037 CVE-2012-1523 1005058 - Center Element Remote Code Execution Vulnerability (CVE-2012-1523) 12-015 Jun 12, 2012
CVE-2012-1858 1005059 - Internet Explorer HTML Sanitization Vulnerability (CVE-2012-1858) 12-015 Jun 12, 2012
CVE-2012-1873 1005053 - Null Byte Information disclosure Vulnerability (CVE-2012-1873) 12-015 Jun 12, 2012
CVE-2012-1874 1005055 - Developer Toolbar Remote Code Execution Vulnerability (CVE-2012-1874) 12-015 Jun 12, 2012
CVE-2012-1875 1005051 - Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) 12-015 Jun 12, 2012
CVE-2012-1876 1005056 - Internet Explorer Col Element Remote Code Execution Vulnerability (CVE-2012-1876) 12-015 Jun 12, 2012
CVE-2012-0184 1005005 - Microsoft Excel SXLI Record Memory Corruption Vulnerability (CVE-2012-0184) 12-015 Jun 12, 2012
CVE-2012-1877 1005052 - Internet Explorer Title Element Change Remote Code Execution Vulnerability (CVE-2012-1877) 12-015 Jun 12, 2012
CVE-2012-1878 1005048 - Internet Explorer 'OnBeforeDeactivate' Event Remote Code Execution Vulnerability (CVE-2012-1878) 12-015 Jun 12, 2012
CVE-2012-1879 1005054 - Internet Explorer 'insertAdjacentText' Remote Code Execution Vulnerability (CVE-2012-1879) 12-015 Jun 12, 2012
CVE-2012-1880 1005060 - Internet Explorer InsertRow Remote Code Execution Vulnerability (CVE-2012-1880) 12-015 Jun 12, 2012
CVE-2012-1881 1005062 - Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability (CVE-2012-1881) 12-015 Jun 12, 2012
MS12-038 CVE-2012-1855 1005057 - Microsoft .NET Framework Memory Access Vulnerability (CVE-2012-1855) 12-015 Jun 12, 2012
MS12-040 CVE-2012-1857 1000552 - Generic Cross Site Scripting (XSS) Prevention Jul 18, 2006
MS12-039 CVE-2012-1849 1005049 - Microsoft Lync Insecure Library Loading Vulnerability Over WebDAV (CVE-2012-1849) 12-015 Jun 12, 2012
1005050 - Microsoft Lync Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1849) 12-015 Jun 12, 2012



This release also includes a rule that blocks unauthorized use of Microsoft Certificates. Apply the rule 1005040 - Detected Unauthorized Digital Certificate to protect from components of the malware WORM_FLAMER.A and TROJ_FLAMER.CFG, which actively uses unauthorized MS certificates.



The rule 1000552 - Generic Cross Site Scripting (XSS) Prevention is not applicable to the Intrusion Defense Firewall (IDF) plugin.

  SOLUTION