- Threat Encyclopedia
- Vulnerabilities
- Latest Security Advisories & Notable Vulnerabilities
Microsoft addresses the following vulnerabilities in its July batch of patches:
Microsoft addresses the following vulnerabilities in its June batch of patches:
Microsoft reports a vulnerability that exists in several versions of Microsoft XML Core Services. The vulnerability exists when MSXML attempts to access an object in memory that is not present. Attackers who attempt to exploit the said vulnerability must lure potential targets to view a specially crafted webpage using Internet Explorer. Typically, attackers may use social engineering lures to get users to click on a link contained in an email or an instant message. Attackers who successfully exploit this vulnerability may execute code on the affected system.
Note that Microsoft specifies that Internet Explorer on the following Windows operating systems successfully mitigates this vulnerability:
Microsoft addresses the following vulnerabilities in its May batch of patches:
Microsoft addresses the following vulnerabilities in its April batch of patches:
This security update addresses two privately reported vulnerabilities in the Remote Desktop Protocol, which may result to code execution if an attacker sends specially crafted rdp packets to an affected system. The Remote Desktop Protocol (RDP) is not defaultly enabled on Windows Operating system, thus those systems with unabled RDP are not affected.
There are reports indicating the emergence of proof of concept code in the wild. Trend Micro is able to provide solutions against PoC code related to this vulnerability.
Below are details of the two vulnerabilities:
Microsoft Bulletin ID | Vulnerability ID |
---|---|
MS12-020 | Remote Desktop Protocol Vulnerability (CVE-2012-0002) |
MS12-020 | Terminal Server Denial of Service Vulnerability (CVE-2012-0152) |