Information About Microsoft May 2012 Security Bulletins |
Slide | Text

1 | Information About Microsoft May 2012 Security Bulletins.
Dustin Childs, Sr. Security Program Manager, Microsoft Corporation.
Pete Voss, Sr. Response Communications Manager, Microsoft Corporation.

2 | Live Video Stream.
To receive our video stream in LiveMeeting: Click on Voice & Video. Click the drop down next to the camera icon. Select Show Main Video.

3 | What We Will Cover.
Review of May 2012 Bulletin Release Information. New Security Bulletins. Security Advisory 2695962. Microsoft® Windows® Malicious Software Removal Tool. Resources. Questions and Answers: Please Submit Now. Submit Questions via Twitter #MSFTSecWebcast.

4 | Severity and Exploitability Index.
[Chart: Exploitability Index (1, 2, 3), Severity (Critical, Important, Moderate, Low), Risk, Impact and DP for MS12-029, MS12-030, MS12-031, MS12-032, MS12-033, MS12-034 and MS12-035. Products shown: Office, Windows, .NET, Silverlight, Visio.]

5 | Bulletin Deployment Priority.
Bulletin | KB | Disclosure | Aggregate Severity | Exploit Index | Max Impact | Deployment Priority | Notes
MS12-034 GDI+/TTF | 2681578 | Public | Critical | 1 | RCE | 1 | All updates are required for each affected product.
MS12-029 Word | 2680352 | Private | Critical | 1 | RCE | 1 | Does not affect Office 2010.
MS12-035 NETFX | 2693777 | Private | Critical | 1 | RCE | 2 | Both MS12-035 and MS12-034 required for NETFX.
MS12-030 Office | 2663830 | Public | Important | 1 | RCE | 2 | Multiple updates per product may be required.
MS12-031 Visio | 2597981 | Private | Important | 1 | RCE | 2 | Users should not open attachments from untrusted sources.
MS12-033 Partition Mgr | 2690533 | Private | Important | 1 | EoP | 3 | Requires local system access.
MS12-032 TCP/IP | 2688338 | Public | Important | 1 | EoP | 3 | Elevation of privilege requires local system access.

6 | MS12-029: Vulnerability In Microsoft Word Could Allow Remote Code Execution (2680352).
CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note
CVE-2012-0183 | Critical | N/A | 1 | Remote Code Execution | Cooperatively Disclosed
Affected Products: Office 2007 SP2, SP3. Office 2003 SP3, Office 2008 For Mac, Office For Mac 2011, Office Compatibility Pack SP2, Office Compatibility Pack SP3.
Affected Components: Microsoft Word.
Deployment Priority: 1.
Main Target: Workstations.
Possible Attack Vectors:
Web-Browsing Scenario: An attacker could host a website that contains an RTF file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability.
Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.
Impact of Attack: An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted RTF file or previews or opens a specially crafted RTF email message.
Mitigating Factors: An attacker would have no way to force a user to visit a malicious website.
Additional Information: For Microsoft Word 2007, in addition to security update package KB2596917, customers also need to install the security update for Microsoft Office Compatibility Pack (KB2596880) to be protected from the vulnerability described in this bulletin.
Workarounds: Read email in plain text (for more, consult KB831607). Use Office File Block Policy to block the opening of RTF documents from unknown or untrusted sources or locations.

7 | MS12-030: Vulnerabilities In Microsoft Office Could Allow Remote Code Execution (2663830).
CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note
CVE-2012-0141 | Important | 3 | 3 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0142 | Important | 3 | 3 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0143 | Important | N/A | 1 | Remote Code Execution | Publicly Disclosed
CVE-2012-0184 | Important | 3 | 1 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0185 | Important | 2 | 2 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-1847 | Important | 1 | 1 | Remote Code Execution | Cooperatively Disclosed
Affected Products: Microsoft Office 2010 SP1, Office 2010, Office 2007 SP3, Office 2007 SP2, Office 2003 SP3, Office 2008 for Mac, Office for Mac 2011, Microsoft Excel Viewer, Office Compatibility Pack SP2 and SP3.
Affected Components: Microsoft Excel.
Deployment Priority: 2.
Main Target: Workstations.
Possible Attack Vectors:
Web-Browsing Scenario: An attacker could host a website that contains a specially crafted Excel file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability.
Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.
Mitigating Factors: An attacker would have no way to force users to visit a website or open an email attachment. The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.
Additional Information: For Microsoft Excel 2007, in addition to security update package KB2597161, customers also need to install the security update for the Microsoft Office Compatibility Pack (KB2597162). Microsoft Excel Viewer must be updated to a supported service pack level (Excel Viewer 2007 Service Pack 2 or Excel Viewer 2007 Service Pack 3) before installing this update.

9 | successfully exploited this vulnerability could run arbitrary code in the context of another process.
Mitigating Factors:
CVE-2012-0174: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
CVE-2012-0179: Microsoft has not identified any mitigating factors for this vulnerability.

10 | MS12-033: Vulnerability In Windows Partition Manager Could Allow Elevation of Privilege (2690533).
CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note
CVE-2012-0178 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed
Affected Products: All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2.
Affected Components: Windows Partition Manager.
Deployment Priority: 3.
Main Target: Workstations and Servers.
Possible Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.
Mitigating Factors: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Additional Information: Installations using Server Core are affected.

11 | MS12-034: Combined Security Update For Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Slide 1 of 3.
CVE | Severity | Exploitability (Latest Software) | Exploitability (Older Versions) | Comment | Note
CVE-2011-3402 | Critical | 1 | 1 | Remote Code Execution | Publicly Disclosed
CVE-2012-0159 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0162 | Critical | 1 | N/A | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0164 | Moderate | N/A | N/A | Denial of Service | Publicly Disclosed
CVE-2012-0165 | Important | 2 | 1 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0167 | Important | N/A | 1 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0176 | Critical | N/A | 1 | Remote Code Execution | Cooperatively Disclosed
CVE-2012-0180 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed
CVE-2012-0181 | Important | 3 | 1 | Elevation of Privilege | Publicly Disclosed
CVE-2012-1848 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed
Affected Products and Components: All supported versions of Windows and Windows Server, All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5. All supported versions of Office (except Compatibility Pack SP2 and SP3, and Office For Mac). .NET Framework.
Deployment Priority: 1.
Main Target: Workstations and Servers.

12 | MS12-034: Combined Security Update For Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Slide 2 of 3.
CVE-2011-3402 RCE. CVE-2012-0159 RCE. CVE-2012-0162 RCE. CVE-2012-0164 DoS. CVE-2012-0165 RCE. CVE-2012-0167 RCE. CVE-2012-0176 RCE. CVE-2012-0180 EoP. CVE-2012-0181 EoP. CVE-2012-1848 EoP.
Affected Products and Components: All supported versions of Windows and Windows Server; All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5. All supported versions of Office (except Compatibility SP2 and SP3, and Office For Mac). .NET Framework.
Possible Attack Vectors:
CVE-2011-3402, CVE-2012-0159, CVE-2012-0165: File Sharing Scenario: An attacker could exploit this vulnerability by convincing a user to open a specially crafted document file or malicious image on a file or network share.
CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0176, CVE-2012-0167: Web-Browsing Scenario: An attacker could host a website that contains a webpage that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. In the case of CVE-2012-0167, a webpage would have to host a specially crafted Office document.
CVE-2012-0159, CVE-2012-0180, CVE-2012-0181, CVE-2012-1848: Local Attack Scenario: To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
CVE-2012-0164: An unauthenticated attacker could send a small number of specially crafted requests to an affected site.
CVE-2012-0165, CVE-2012-0167: Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

13 | MS12-034: Combined Security Update For Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Slide 3 of 3.
CVE-2011-3402 RCE. CVE-2012-0159 RCE. CVE-2012-0162 RCE. CVE-2012-0164 DoS. CVE-2012-0165 RCE. CVE-2012-0167 RCE. CVE-2012-0176 RCE. CVE-2012-0180 EoP. CVE-2012-0181 EoP. CVE-2012-1848 EoP.
Affected Products and Components: All supported versions of Windows and Windows Server, All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5. All supported versions of Office (except Compatibility SP2 and SP3, and Office For Mac). .NET Framework.
Impact of Attack:
CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176: An attacker successfully exploiting this issue could gain the same user rights as a logged-on user.
CVE-2012-0159: An attacker who successfully exploited this vulnerability could run arbitrary code in Kernel mode and take complete control of an affected system.
CVE-2012-0181, CVE-2012-1848: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.
CVE-2012-0164: An attacker could cause applications created using WPF APIs that are running on a user's system to stop responding until manually restarted.
Mitigating Factors:
CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176: An attacker would have no way to force users to visit a website or open an email attachment.
CVE-2011-3402, CVE-2012-0159: By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone.
CVE-2012-0162, CVE-2012-0176, CVE-2012-1848: By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.
CVE-2012-0180, CVE-2012-0181: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
CVE-2012-0162: On systems where MS11-044 has been applied, users will be prompted before XBAP applications will execute when in the Internet Zone of Internet Explorer. A user must click through this prompt in order to run the XBAP application on their system.
CVE-2012-0164: Microsoft has not identified any mitigating factors for this vulnerability.

14 | MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777).
CVE. Severity. Exploitability. Comment. Note.
Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
be updated to a supported service pack | user-provided content or advertisements | ||
level (Excel Viewer 2007 Service Pack 2 or | could contain specially crafted content | ||
Excel Viewer 2007 Service Pack 3) before | that could be used to exploit this | ||
installing this update. For Microsoft | vulnerability. This vulnerability could | ||
Excel 2007, in addition to security update | also be used by Windows .NET applications | ||
package KB2597161, customers also need to | to bypass Code Access Security (CAS) | ||
install the security update for the | restrictions. Web-Browsing Scenario: An | ||
Microsoft Office Compatibility Pack | attacker could host a specially crafted | ||
(KB2597162). Microsoft Excel Viewer must | website that contains a specially crafted | ||
be updated to a supported service pack | XBAP (XAML browser application) that is | ||
level (Excel Viewer 2007 Service Pack 2 or | used to exploit this vulnerability. | ||
Excel Viewer 2007 Service Pack 3) before | Compromised websites and websites that | ||
installing this update. Latest Software. | accept or host user-provided content or | ||
Older Versions. | advertisements could contain specially | ||
8 | MS12-031: Vulnerability In Microsoft | crafted content that could be used to | |
Visio Viewer Could Allow Remote Code | exploit this vulnerability. This | ||
Execution (2597981). Web-Browsing | vulnerability could also be used by | ||
Scenario: An attacker could host a website | Windows .NET applications to bypass Code | ||
that contains a Visio file that is used to | Access Security (CAS) restrictions. | ||
exploit this vulnerability. Compromised | Web-Browsing Scenario: An attacker could | ||
websites and websites that accept or host | host a specially crafted website that | ||
user-provided content or advertisements | contains a specially crafted XBAP (XAML | ||
could contain specially crafted content | browser application) that is used to | ||
that could be used to exploit this | exploit this vulnerability. Compromised | ||
vulnerability. Email Attack Scenario: An | websites and websites that accept or host | ||
attacker could exploit this vulnerability | user-provided content or advertisements | ||
by sending the user the malicious file as | could contain specially crafted content | ||
an email attachment, and convince the user | that could be used to exploit this | ||
to open the attachment. Web-Browsing | vulnerability. This vulnerability could | ||
Scenario: An attacker could host a website | also be used by Windows .NET applications | ||
that contains a Visio file that is used to | to bypass Code Access Security (CAS) | ||
exploit this vulnerability. Compromised | restrictions. An attacker would have no | ||
websites and websites that accept or host | way to force users to visit a website. By | ||
user-provided content or advertisements | default, Internet Explorer on Windows | ||
could contain specially crafted content | Server 2003, Windows Server 2008, and | ||
that could be used to exploit this | Windows Server 2008 R2 runs in a | ||
vulnerability. Email Attack Scenario: An | restricted mode that is known as Enhanced | ||
attacker could exploit this vulnerability | Security Configuration. Standard .NET | ||
by sending the user the malicious file as | Framework applications are not affected by | ||
an email attachment, and convince the user | this vulnerability. Only specially crafted | ||
to open the attachment. Web-Browsing | .NET Framework applications could exploit | ||
Scenario: An attacker could host a website | this vulnerability. (CVE-2012-0160). An | ||
that contains a Visio file that is used to | attacker would have no way to force users | ||
exploit this vulnerability. Compromised | to visit a website. By default, Internet | ||
websites and websites that accept or host | Explorer on Windows Server 2003, Windows | ||
user-provided content or advertisements | Server 2008, and Windows Server 2008 R2 | ||
could contain specially crafted content | runs in a restricted mode that is known as | ||
that could be used to exploit this | Enhanced Security Configuration. Standard | ||
vulnerability. Email Attack Scenario: An | .NET Framework applications are not | ||
attacker could exploit this vulnerability | affected by this vulnerability. Only | ||
by sending the user the malicious file as | specially crafted .NET Framework | ||
an email attachment, and convince the user | applications could exploit this | ||
to open the attachment. Web-Browsing | vulnerability. (CVE-2012-0160). An | ||
Scenario: An attacker could host a website | attacker would have no way to force users | ||
that contains a Visio file that is used to | to visit a website. By default, Internet | ||
exploit this vulnerability. Compromised | Explorer on Windows Server 2003, Windows | ||
websites and websites that accept or host | Server 2008, and Windows Server 2008 R2 | ||
user-provided content or advertisements | runs in a restricted mode that is known as | ||
could contain specially crafted content | Enhanced Security Configuration. Standard | ||
that could be used to exploit this | .NET Framework applications are not | ||
vulnerability. Email Attack Scenario: An | affected by this vulnerability. Only | ||
attacker could exploit this vulnerability | specially crafted .NET Framework | ||
by sending the user the malicious file as | applications could exploit this | ||
an email attachment, and convince the user | vulnerability. (CVE-2012-0160). An | ||
to open the attachment. An attacker who | attacker would have no way to force users | ||
successfully exploited this vulnerability | to visit a website. By default, Internet | ||
could run arbitrary code in the context of | Explorer on Windows Server 2003, Windows | ||
the current user. An attacker who | Server 2008, and Windows Server 2008 R2 | ||
successfully exploited this vulnerability | runs in a restricted mode that is known as | ||
could run arbitrary code in the context of | Enhanced Security Configuration. Standard | ||
the current user. An attacker who | .NET Framework applications are not | ||
successfully exploited this vulnerability | affected by this vulnerability. Only | ||
could run arbitrary code in the context of | specially crafted .NET Framework | ||
the current user. An attacker who | applications could exploit this | ||
successfully exploited this vulnerability | vulnerability. (CVE-2012-0160). | ||
could run arbitrary code in the context of | CVE-2012-0160. Critical. 1. 1. Remote Code | ||
the current user. An attacker would have | Execution. Cooperatively Disclosed. | ||
no way to force users to visit a website | CVE-2012-0161. Critical. 1. 1. Remote Code | ||
or open an email attachment. By default, | Execution. Cooperatively Disclosed. | ||
Internet Explorer on Windows Server 2003, | Affected Products. Affected Products. All | ||
Windows Server 2008, and Windows Server | supported versions of .NET Framework on | ||
2008 R2 runs in a restricted mode that is | all supported versions of Windows and | ||
known as Enhanced Security Configuration. | Windows Server. All supported versions of | ||
By default, all supported versions of | .NET Framework on all supported versions | ||
Microsoft Outlook, Microsoft Outlook | of Windows and Windows Server. All | ||
Express, and Windows Mail open HTML email | supported versions of .NET Framework on | ||
messages in the Restricted Sites Zone. An | all supported versions of Windows and | ||
attacker would have no way to force users | Windows Server. All supported versions of | ||
to visit a website or open an email | .NET Framework on all supported versions | ||
attachment. By default, Internet Explorer | of Windows and Windows Server. Affected | ||
on Windows Server 2003, Windows Server | Components. Affected Components. .NET | ||
2008, and Windows Server 2008 R2 runs in a | Framework. .NET Framework. .NET Framework. | ||
restricted mode that is known as Enhanced | .NET Framework. Deployment Priority. | ||
Security Configuration. By default, all | Deployment Priority. 2. 2. 2. 2. Main | ||
supported versions of Microsoft Outlook, | Target. Main Target. Workstations and | ||
Microsoft Outlook Express, and Windows | Servers. Workstations and Servers. | ||
Mail open HTML email messages in the | Workstations and Servers. Workstations and | ||
Restricted Sites Zone. An attacker would | Servers. Possible Attack Vectors. Possible | ||
have no way to force users to visit a | Attack Vectors. Impact of Attack. Impact | ||
website or open an email attachment. By | of Attack. An attacker successfully | ||
default, Internet Explorer on Windows | exploiting this issue could gain the same | ||
Server 2003, Windows Server 2008, and | user rights as a logged-on user. An | ||
Windows Server 2008 R2 runs in a | attacker successfully exploiting this | ||
restricted mode that is known as Enhanced | issue could gain the same user rights as a | ||
Security Configuration. By default, all | logged-on user. An attacker successfully | ||
supported versions of Microsoft Outlook, | exploiting this issue could gain the same | ||
Microsoft Outlook Express, and Windows | user rights as a logged-on user. An | ||
Mail open HTML email messages in the | attacker successfully exploiting this | ||
Restricted Sites Zone. An attacker would | issue could gain the same user rights as a | ||
have no way to force users to visit a | logged-on user. Mitigating Factors. | ||
website or open an email attachment. By | Mitigating Factors. Additional | ||
default, Internet Explorer on Windows | Information. Additional Information. .NET | ||
Server 2003, Windows Server 2008, and | Framework 4 and .NET Framework 4 Client | ||
Windows Server 2008 R2 runs in a | Profile Affected. .NET Framework 4 and | ||
restricted mode that is known as Enhanced | .NET Framework 4 Client Profile Affected. | ||
Security Configuration. By default, all | .NET Framework 4 and .NET Framework 4 | ||
supported versions of Microsoft Outlook, | Client Profile Affected. .NET Framework 4 | ||
Microsoft Outlook Express, and Windows | and .NET Framework 4 Client Profile | ||
Mail open HTML email messages in the | Affected. Latest Software. Older Versions. | ||
Restricted Sites Zone. CVE. CVE. Severity. | 15 | Security Advisory 2695962 – Remote | |
Severity. Exploitability. Exploitability. | Code Execution Update Rollup For Active X | ||
Comment. Comment. Note. Note. | Kill Bits. This update sets the kill bits | ||
CVE-2012-0018. Important. 1. N/A. Remote | for the following third-party software: | ||
Code Execution. Cooperatively Disclosed. | Cisco Clientless VPN solution. Installing | ||
Affected Products. Affected Products. All | this update will block the vulnerable | ||
supported versions of Microsoft Visio | control from running in Internet Explorer. | ||
Viewer 2010. All supported versions of | For more information regarding security | ||
Microsoft Visio Viewer 2010. All supported | issues in the Cisco Clientless VPN | ||
versions of Microsoft Visio Viewer 2010. | solution ActiveX control, please see the | ||
All supported versions of Microsoft Visio | Cisco Security Advisory, Cisco ASA 5500 | ||
Viewer 2010. Affected Components. Affected | Series Adaptive Security Appliance | ||
Components. Visio Viewer. Visio Viewer. | Clientless VPN ActiveX Control Remote Code | ||
Visio Viewer. Visio Viewer. Deployment | Execution Vulnerability. This advisory | ||
Priority. Deployment Priority. 2. 2. 2. 2. | affects all supported versions of Windows. | ||
Main Target. Main Target. Workstations. | 16 | Detection & Deployment. MS12-029 | |
Workstations. Workstations. Workstations. | Word. MS12-030 Office. MS12-031 Visio. | ||
Possible Attack Vectors. Possible Attack | MS12-032 TCP/IP. MS12-033 Partition Mgr. | ||
Vectors. Impact of Attack. Impact of | MS12-034 GDI+/TTF. MS12-035 NETFX. | ||
Attack. Mitigating Factors. Mitigating | Bulletin. Windows Update. Microsoft | ||
Factors. Latest Software. Older Versions. | Update. MBSA. WSUS 3.0. SMS 2003 with | ||
9 | MS12-032: Vulnerability In TCP/IP | ITMU. SCCM 2007. No. Yes*. Yes*. Yes*. | |
Could Allow Elevation of Privilege | Yes*. Yes*. No. Yes. Yes*. Yes*. Yes*. | ||
(2688338). CVE. CVE. Severity. Severity. | Yes*. No. Yes. Yes. Yes. Yes. Yes. Yes. | ||
Exploitability. Exploitability. Comment. | Yes. Yes. Yes. Yes. Yes. Yes. Yes. Yes. | ||
Comment. Note. Note. CVE-2012-0174. | Yes. Yes. Yes. Yes. Yes**. Yes. Yes. Yes. | ||
Important. N/A. N/A. Security Bypass. | Yes**. Yes. Yes. Yes. Yes. Yes. Yes. | ||
Cooperatively Disclosed. CVE-2012-0179. | *Except in Microsoft Office 2008 for Mac | ||
Important. 1. N/A. Elevation of Privilege. | and Microsoft Office for Mac 2011 **Except | ||
Publicly Disclosed. Affected Products. | Silverlight 4 installed on Mac OS. | ||
Affected Products. All supported versions | 17 | Other Update Information. MS12-029 | |
of Windows 7, Windows Vista, Windows | Word. MS12-030 Office. MS12-031 Visio. | ||
Server 2008, and Windows Server 2008 R2. | MS12-032 TCP/IP. MS12-033 Partition Mgr. | ||
All supported versions of Windows 7, | MS12-034 GDI+/TTF. MS12-035 NETFX. | ||
Windows Vista, Windows Server 2008, and | Bulletin. Restart. Uninstall. Replaces. | ||
Windows Server 2008 R2. All supported | Maybe. Yes. MS11-089, MS11-094. Maybe. | ||
versions of Windows 7, Windows Vista, | Yes. MS11-072, MS11-089, MS11-096. Maybe. | ||
Windows Server 2008, and Windows Server | Yes. MS12-015. Yes. Yes. MS11-083. Yes. | ||
2008 R2. All supported versions of Windows | Yes. None. Yes. No. MS10-087, MS12-018. | ||
7, Windows Vista, Windows Server 2008, and | No. Yes. MS11-028, MS11-044, MS11-078, | ||
Windows Server 2008 R2. Affected | MS11-100, MS12-016. | ||
Components. Affected Components. Windows | 18 | Windows Malicious Software Removal | |
Firewall, TCP/IP. Windows Firewall, | Tool (MSRT). During this release Microsoft | ||
TCP/IP. Windows Firewall, TCP/IP. Windows | will increase detection capability for the | ||
Firewall, TCP/IP. Deployment Priority. | following families in the MSRT: | ||
Deployment Priority. 3. 3. 3. 3. Main | Win32/Unruy: A trojan that is capable of | ||
Target. Main Target. Workstations and | connecting to certain remote servers to | ||
Servers. Workstations and Servers. | download and execute arbitrary files. It | ||
Workstations and Servers. Workstations and | can also delete files, schedule tasks, and | ||
Servers. Possible Attack Vectors. Possible | perform other actions. Depending on the | ||
Attack Vectors. CVE-2012-0174: In order to | computer's Internet Explorer settings, may | ||
use this vulnerability, an attacker would | also disable third-party browser | ||
first have to gain access to the local | extensions and BHOs from running. | ||
subnet of the target computer. An attacker | Win32/Dishigy: A trojan that captures | ||
could then use another vulnerability to | keystrokes and steals login credentials | ||
acquire information about the target | through a method known as "form | ||
system or execute code on the target | grabbing". It sends captured data to | ||
system. CVE-2012-0179: To exploit this | a remote attacker and is capable of | ||
vulnerability, an attacker would first | downloading additional malicious | ||
have to log on to the system. An attacker | components. For the first time, Microsoft | ||
could then run a specially crafted | is releasing MSRT to Windows 8 machines. | ||
application that could exploit the | Available as a priority update through | ||
vulnerability and take complete control | Windows Update or Microsoft Update. Is | ||
over the affected system. CVE-2012-0174: | offered through WSUS 3.0 or as a download | ||
In order to use this vulnerability, an | at: www.microsoft.com/malwareremove. | ||
attacker would first have to gain access | 19 | Resources. Bulletins, Advisories, | |
to the local subnet of the target | Notifications & Newsletters Security | ||
computer. An attacker could then use | Bulletins Summary: | ||
another vulnerability to acquire | www.microsoft.com/technet/security/bulleti | ||
information about the target system or | /summary.mspx Security Bulletins Search: | ||
execute code on the target system. | www.microsoft.com/technet/security/current | ||
CVE-2012-0179: To exploit this | aspx Security Advisories: | ||
vulnerability, an attacker would first | www.microsoft.com/technet/security/advisor | ||
have to log on to the system. An attacker | / Microsoft Technical Security | ||
could then run a specially crafted | Notifications: | ||
application that could exploit the | www.microsoft.com/technet/security/bulleti | ||
vulnerability and take complete control | /notify.mspx Microsoft Security | ||
over the affected system. CVE-2012-0174: | Newsletter: | ||
In order to use this vulnerability, an | www.microsoft.com/technet/security/secnews | ||
attacker would first have to gain access | Other Resources Update Management Process | ||
to the local subnet of the target | http://www.microsoft.com/technet/security/ | ||
computer. An attacker could then use | uidance/patchmanagement/secmod193.mspx | ||
another vulnerability to acquire | Microsoft Active Protection Program | ||
information about the target system or | Partners: | ||
execute code on the target system. | http://www.microsoft.com/security/msrc/map | ||
CVE-2012-0179: To exploit this | /partners.mspx. Blogs Microsoft Security | ||
vulnerability, an attacker would first | Response Center (MSRC) blog: | ||
have to log on to the system. An attacker | www.blogs.technet.com/msrc Security | ||
could then run a specially crafted | Research & Defense blog: | ||
application that could exploit the | http://blogs.technet.com/srd Microsoft | ||
vulnerability and take complete control | Malware Protection Center Blog: | ||
over the affected system. CVE-2012-0174: | http://blogs.technet.com/mmpc/ Twitter | ||
In order to use this vulnerability, an | @MSFTSecResponse Security Centers | ||
attacker would first have to gain access | Microsoft Security Home Page: | ||
to the local subnet of the target | www.microsoft.com/security TechNet | ||
computer. An attacker could then use | Security Center: | ||
another vulnerability to acquire | www.microsoft.com/technet/security MSDN | ||
information about the target system or | Security Developer Center: | ||
execute code on the target system. | http://msdn.microsoft.com/en-us/security/d | ||
CVE-2012-0179: To exploit this | fault.aspx. | ||
vulnerability, an attacker would first | 20 | Questions and Answers. Submit text | |
have to log on to the system. An attacker | questions using the “Ask” button. Don’t | ||
could then run a specially crafted | forget to fill out the survey. A recording | ||
application that could exploit the | of this webcast will be available within | ||
vulnerability and take complete control | 48 hours on the MSRC Blog: | ||
over the affected system. Impact of | http://blogs.technet.com/msrc Register for | ||
Attack. Impact of Attack. CVE-2012-0174: | next month’s webcast at: | ||
An attacker who successfully exploited | http://microsoft.com/technet/security/curr | ||
this vulnerability could bypass Windows | nt.aspx. | ||
Firewall. CVE-2012-0179: An attacker who | 21 | © 2012 Microsoft Corporation. All | |
successfully exploited this vulnerability | rights reserved. Microsoft, Windows, | ||
could run arbitrary code in the context of | Windows Vista and other product names are | ||
another process. CVE-2012-0174: An | or may be registered trademarks and/or | ||
attacker who successfully exploited this | trademarks in the U.S. and/or other | ||
vulnerability could bypass Windows | countries. The information herein is for | ||
Firewall. CVE-2012-0179: An attacker who | informational purposes only and represents | ||
successfully exploited this vulnerability | the current view of Microsoft Corporation | ||
could run arbitrary code in the context of | as of the date of this presentation. | ||
another process. CVE-2012-0174: An | Because Microsoft must respond to changing | ||
attacker who successfully exploited this | market conditions, it should not be | ||
vulnerability could bypass Windows | interpreted to be a commitment on the part | ||
Firewall. CVE-2012-0179: An attacker who | of Microsoft, and Microsoft cannot | ||
successfully exploited this vulnerability | guarantee the accuracy of any information | ||
could run arbitrary code in the context of | provided after the date of this | ||
another process. CVE-2012-0174: An | presentation. MICROSOFT MAKES NO | ||
attacker who successfully exploited this | WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, | ||
vulnerability could bypass Windows | AS TO THE INFORMATION IN THIS | ||
Firewall. CVE-2012-0179: An attacker who | PRESENTATION. | ||