Microsoft
<<  Отчет Microsoft о безопасности Security Intelligence Report Volume 6: Новые данные об ИТ-угрозах в России и мире Дарьи пынзарь 2012 видео  >>
Information About Microsoft May 2012 Security Bulletins
Information About Microsoft May 2012 Security Bulletins
Live Video Stream
Live Video Stream
What We Will Cover
What We Will Cover
Severity and Exploitability Index
Severity and Exploitability Index
Bulletin Deployment Priority
Bulletin Deployment Priority
MS12-029: Vulnerability In Microsoft Word Could Allow Remote Code
MS12-029: Vulnerability In Microsoft Word Could Allow Remote Code
MS12-030: Vulnerabilities In Microsoft Office Could Allow Remote Code
MS12-030: Vulnerabilities In Microsoft Office Could Allow Remote Code
MS12-031: Vulnerability In Microsoft Visio Viewer Could Allow Remote
MS12-031: Vulnerability In Microsoft Visio Viewer Could Allow Remote
MS12-032: Vulnerability In TCP/IP Could Allow Elevation of Privilege
MS12-032: Vulnerability In TCP/IP Could Allow Elevation of Privilege
MS12-033: Vulnerability In Windows Partition Manager Could Allow
MS12-033: Vulnerability In Windows Partition Manager Could Allow
MS12-034: Combined Security Update For Microsoft Office, Windows,
MS12-034: Combined Security Update For Microsoft Office, Windows,
MS12-034: Combined Security Update For Microsoft Office, Windows,
MS12-034: Combined Security Update For Microsoft Office, Windows,
MS12-034: Combined Security Update For Microsoft Office, Windows,
MS12-034: Combined Security Update For Microsoft Office, Windows,
MS12-035: Vulnerabilities in
MS12-035: Vulnerabilities in
Security Advisory 2695962 – Remote Code Execution Update Rollup For
Security Advisory 2695962 – Remote Code Execution Update Rollup For
Detection & Deployment
Detection & Deployment
Other Update Information
Other Update Information
Windows Malicious Software Removal Tool (MSRT)
Windows Malicious Software Removal Tool (MSRT)
Resources
Resources
Questions and Answers
Questions and Answers
© 2012 Microsoft Corporation
© 2012 Microsoft Corporation

Презентация: «Information About Microsoft May 2012 Security Bulletins». Автор: . Файл: «Information About Microsoft May 2012 Security Bulletins.pptx». Размер zip-архива: 473 КБ.

Information About Microsoft May 2012 Security Bulletins

содержание презентации «Information About Microsoft May 2012 Security Bulletins.pptx»
СлайдТекст
1 Information About Microsoft May 2012 Security Bulletins

Information About Microsoft May 2012 Security Bulletins

Dustin Childs Sr. Security Program Manager Microsoft Corporation Pete Voss Sr. Response Communications Manager Microsoft Corporation

2 Live Video Stream

Live Video Stream

To receive our video stream in LiveMeeting: Click on Voice & Video Click the drop down next to the camera icon Select Show Main Video

3 What We Will Cover

What We Will Cover

Review of May 2012 Bulletin Release Information New Security Bulletins Security Advisory 2695962 Microsoft® Windows® Malicious Software Removal Tool Resources Questions and Answers: Please Submit Now Submit Questions via Twitter #MSFTSecWebcast

4 Severity and Exploitability Index

Severity and Exploitability Index

Exploitability Index

Exploitability Index

Exploitability Index

RISK

RISK

RISK

Severity

Severity

Severity

Severity

IMPACT

IMPACT

IMPACT

IMPACT

1

2

2

3

3

1

2

Office, Windows, .NET, Silverlight

Windows

Windows

Office

Office

Visio

.NET

DP

MS12-029

MS12-030

MS12-031

MS12-032

MS12-033

MS12-034

MS12-035

1

2

3

Critical

Important

Moderate

Low

5 Bulletin Deployment Priority

Bulletin Deployment Priority

MS12-034 GDI+/TTF

MS12-029 Word

MS12-035 NETFX

MS12-030 Office

MS12-031 Visio

MS12-033 Partition Mgr.

MS12-032 TCP/IP

Bulletin

KB

Disclosure

Aggregate Severity

Exploit Index

Max Impact

Deployment Priority

Notes

2681578

Public

Critical

1

RCE

1

All updates are required for each affected product.

2680352

Private

Critical

1

RCE

1

Does not affect Office 2010.

2693777

Private

Critical

1

RCE

2

Both MS12-035 and MS12-034 required for NETFX.

2663830

Public

Important

1

RCE

2

Multiple updates per product may be required.

2597981

Private

Important

1

RCE

2

Users should not open attachments from untrusted sources.

2690533

Private

Important

1

EoP

3

Requires local system access.

2688338

Public

Important

1

EoP

3

Elevation of privilege requires local system access.

6 MS12-029: Vulnerability In Microsoft Word Could Allow Remote Code

MS12-029: Vulnerability In Microsoft Word Could Allow Remote Code

Execution (2680352)

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Comment

Comment

Note

Note

CVE-2012-0183

Critical

N/A

1

Remote Code Execution

Remote Code Execution

Cooperatively Disclosed

Affected Products

Affected Products

Office 2007 SP2, SP3

Office 2007 SP2, SP3

Office 2007 SP2, SP3

Office 2003 SP3, Office 2008 For Mac, Office For Mac 2011, Office Compatibility Pack SP2, Office Compatibility Pack SP3

Office 2003 SP3, Office 2008 For Mac, Office For Mac 2011, Office Compatibility Pack SP2, Office Compatibility Pack SP3

Affected Components

Affected Components

Microsoft Word

Microsoft Word

Microsoft Word

Microsoft Word

Microsoft Word

Deployment Priority

Deployment Priority

1

1

1

1

1

Main Target

Main Target

Workstations

Workstations

Workstations

Workstations

Workstations

Possible Attack Vectors

Possible Attack Vectors

Web-Browsing Scenario: An attacker could host a website that contains an RTF file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains an RTF file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains an RTF file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains an RTF file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains an RTF file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Impact of Attack

Impact of Attack

An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted RTF file or previews or opens a specially crafted RTF email message.

An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted RTF file or previews or opens a specially crafted RTF email message.

An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted RTF file or previews or opens a specially crafted RTF email message.

An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted RTF file or previews or opens a specially crafted RTF email message.

An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted RTF file or previews or opens a specially crafted RTF email message.

Mitigating Factors

Mitigating Factors

An attacker would have no way to force a user to visit a malicious website.

An attacker would have no way to force a user to visit a malicious website.

An attacker would have no way to force a user to visit a malicious website.

An attacker would have no way to force a user to visit a malicious website.

An attacker would have no way to force a user to visit a malicious website.

Additional Information

Additional Information

For Microsoft Word 2007, in addition to security update package KB2596917, customers also need to install the security update for Microsoft Office Compatibility Pack (KB2596880) to be protected from the vulnerability described in this bulletin. Workarounds: Read email in plain text (for more, consult KB831607). Use Office File Block Policy to block the opening of RTF documents from unknown or untrusted sources or locations.

For Microsoft Word 2007, in addition to security update package KB2596917, customers also need to install the security update for Microsoft Office Compatibility Pack (KB2596880) to be protected from the vulnerability described in this bulletin. Workarounds: Read email in plain text (for more, consult KB831607). Use Office File Block Policy to block the opening of RTF documents from unknown or untrusted sources or locations.

For Microsoft Word 2007, in addition to security update package KB2596917, customers also need to install the security update for Microsoft Office Compatibility Pack (KB2596880) to be protected from the vulnerability described in this bulletin. Workarounds: Read email in plain text (for more, consult KB831607). Use Office File Block Policy to block the opening of RTF documents from unknown or untrusted sources or locations.

For Microsoft Word 2007, in addition to security update package KB2596917, customers also need to install the security update for Microsoft Office Compatibility Pack (KB2596880) to be protected from the vulnerability described in this bulletin. Workarounds: Read email in plain text (for more, consult KB831607). Use Office File Block Policy to block the opening of RTF documents from unknown or untrusted sources or locations.

For Microsoft Word 2007, in addition to security update package KB2596917, customers also need to install the security update for Microsoft Office Compatibility Pack (KB2596880) to be protected from the vulnerability described in this bulletin. Workarounds: Read email in plain text (for more, consult KB831607). Use Office File Block Policy to block the opening of RTF documents from unknown or untrusted sources or locations.

Latest Software

Older Versions

7 MS12-030: Vulnerabilities In Microsoft Office Could Allow Remote Code

MS12-030: Vulnerabilities In Microsoft Office Could Allow Remote Code

Execution (2663830)

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Note

Note

CVE-2012-0141

Important

3

3

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0142

Important

3

3

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0143

Important

N/A

1

Remote Code Execution

Publicly Disclosed

CVE-2012-0184

Important

3

1

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0185

Important

2

2

Remote Code Execution

Cooperatively Disclosed

CVE-2012-1847

Important

1

1

Remote Code Execution

Cooperatively Disclosed

Affected Products

Affected Products

Microsoft Office 2010 SP1, Office 2010, Office 2007 SP3, Office 2007 SP2, Office 2003 SP3, Office 2008 for Mac, Office for Mac 2011, Microsoft Excel Viewer, Office Compatibility Pack SP2 and SP3

Microsoft Office 2010 SP1, Office 2010, Office 2007 SP3, Office 2007 SP2, Office 2003 SP3, Office 2008 for Mac, Office for Mac 2011, Microsoft Excel Viewer, Office Compatibility Pack SP2 and SP3

Microsoft Office 2010 SP1, Office 2010, Office 2007 SP3, Office 2007 SP2, Office 2003 SP3, Office 2008 for Mac, Office for Mac 2011, Microsoft Excel Viewer, Office Compatibility Pack SP2 and SP3

Microsoft Office 2010 SP1, Office 2010, Office 2007 SP3, Office 2007 SP2, Office 2003 SP3, Office 2008 for Mac, Office for Mac 2011, Microsoft Excel Viewer, Office Compatibility Pack SP2 and SP3

Affected Components

Affected Components

Microsoft Excel

Microsoft Excel

Microsoft Excel

Microsoft Excel

Deployment Priority

Deployment Priority

2

2

2

2

Main Target

Main Target

Workstations

Workstations

Workstations

Workstations

Possible Attack Vectors

Possible Attack Vectors

Web-Browsing Scenario: An attacker could host a website that contains a specially crafted Excel file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains a specially crafted Excel file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains a specially crafted Excel file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains a specially crafted Excel file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Impact of Attack

Impact of Attack

An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

Mitigating Factors

Mitigating Factors

An attacker would have no way to force users to visit a website or open an email attachment. The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.

An attacker would have no way to force users to visit a website or open an email attachment. The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.

An attacker would have no way to force users to visit a website or open an email attachment. The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.

An attacker would have no way to force users to visit a website or open an email attachment. The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.

Additional Information

Additional Information

For Microsoft Excel 2007, in addition to security update package KB2597161, customers also need to install the security update for the Microsoft Office Compatibility Pack (KB2597162). Microsoft Excel Viewer must be updated to a supported service pack level (Excel Viewer 2007 Service Pack 2 or Excel Viewer 2007 Service Pack 3) before installing this update.

For Microsoft Excel 2007, in addition to security update package KB2597161, customers also need to install the security update for the Microsoft Office Compatibility Pack (KB2597162). Microsoft Excel Viewer must be updated to a supported service pack level (Excel Viewer 2007 Service Pack 2 or Excel Viewer 2007 Service Pack 3) before installing this update.

For Microsoft Excel 2007, in addition to security update package KB2597161, customers also need to install the security update for the Microsoft Office Compatibility Pack (KB2597162). Microsoft Excel Viewer must be updated to a supported service pack level (Excel Viewer 2007 Service Pack 2 or Excel Viewer 2007 Service Pack 3) before installing this update.

For Microsoft Excel 2007, in addition to security update package KB2597161, customers also need to install the security update for the Microsoft Office Compatibility Pack (KB2597162). Microsoft Excel Viewer must be updated to a supported service pack level (Excel Viewer 2007 Service Pack 2 or Excel Viewer 2007 Service Pack 3) before installing this update.

Latest Software

Older Versions

8 MS12-031: Vulnerability In Microsoft Visio Viewer Could Allow Remote

MS12-031: Vulnerability In Microsoft Visio Viewer Could Allow Remote

Code Execution (2597981)

Web-Browsing Scenario: An attacker could host a website that contains a Visio file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains a Visio file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains a Visio file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

Web-Browsing Scenario: An attacker could host a website that contains a Visio file that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

An attacker would have no way to force users to visit a website or open an email attachment. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone.

An attacker would have no way to force users to visit a website or open an email attachment. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone.

An attacker would have no way to force users to visit a website or open an email attachment. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone.

An attacker would have no way to force users to visit a website or open an email attachment. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone.

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Note

Note

CVE-2012-0018

Important

1

N/A

Remote Code Execution

Cooperatively Disclosed

Affected Products

Affected Products

All supported versions of Microsoft Visio Viewer 2010

All supported versions of Microsoft Visio Viewer 2010

All supported versions of Microsoft Visio Viewer 2010

All supported versions of Microsoft Visio Viewer 2010

Affected Components

Affected Components

Visio Viewer

Visio Viewer

Visio Viewer

Visio Viewer

Deployment Priority

Deployment Priority

2

2

2

2

Main Target

Main Target

Workstations

Workstations

Workstations

Workstations

Possible Attack Vectors

Possible Attack Vectors

Impact of Attack

Impact of Attack

Mitigating Factors

Mitigating Factors

Latest Software

Older Versions

9 MS12-032: Vulnerability In TCP/IP Could Allow Elevation of Privilege

MS12-032: Vulnerability In TCP/IP Could Allow Elevation of Privilege

(2688338)

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Note

Note

CVE-2012-0174

Important

N/A

N/A

Security Bypass

Cooperatively Disclosed

CVE-2012-0179

Important

1

N/A

Elevation of Privilege

Publicly Disclosed

Affected Products

Affected Products

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

Affected Components

Affected Components

Windows Firewall, TCP/IP

Windows Firewall, TCP/IP

Windows Firewall, TCP/IP

Windows Firewall, TCP/IP

Deployment Priority

Deployment Priority

3

3

3

3

Main Target

Main Target

Workstations and Servers

Workstations and Servers

Workstations and Servers

Workstations and Servers

Possible Attack Vectors

Possible Attack Vectors

CVE-2012-0174: In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system. CVE-2012-0179: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

CVE-2012-0174: In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system. CVE-2012-0179: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

CVE-2012-0174: In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system. CVE-2012-0179: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

CVE-2012-0174: In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system. CVE-2012-0179: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

Impact of Attack

Impact of Attack

CVE-2012-0174: An attacker who successfully exploited this vulnerability could bypass Windows Firewall. CVE-2012-0179: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.

CVE-2012-0174: An attacker who successfully exploited this vulnerability could bypass Windows Firewall. CVE-2012-0179: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.

CVE-2012-0174: An attacker who successfully exploited this vulnerability could bypass Windows Firewall. CVE-2012-0179: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.

CVE-2012-0174: An attacker who successfully exploited this vulnerability could bypass Windows Firewall. CVE-2012-0179: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.

Mitigating Factors

Mitigating Factors

CVE-2012-0174: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0179: Microsoft has not identified any mitigating factors for this vulnerability.

CVE-2012-0174: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0179: Microsoft has not identified any mitigating factors for this vulnerability.

CVE-2012-0174: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0179: Microsoft has not identified any mitigating factors for this vulnerability.

CVE-2012-0174: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0179: Microsoft has not identified any mitigating factors for this vulnerability.

Latest Software

Older Versions

10 MS12-033: Vulnerability In Windows Partition Manager Could Allow

MS12-033: Vulnerability In Windows Partition Manager Could Allow

Elevation of Privilege (2690533)

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Note

Note

CVE-2012-0178

Important

1

1

Elevation of Privilege

Cooperatively Disclosed

Affected Products

Affected Products

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

All supported versions of Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2

Affected Components

Affected Components

Windows Partition Manager

Windows Partition Manager

Windows Partition Manager

Windows Partition Manager

Deployment Priority

Deployment Priority

3

3

3

3

Main Target

Main Target

Workstations and Servers

Workstations and Servers

Workstations and Servers

Workstations and Servers

Possible Attack Vectors

Possible Attack Vectors

To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

Impact of Attack

Impact of Attack

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.

Mitigating Factors

Mitigating Factors

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Additional Information

Additional Information

Installations using Server Core are affected.

Installations using Server Core are affected.

Installations using Server Core are affected.

Installations using Server Core are affected.

Latest Software

Older Versions

11 MS12-034: Combined Security Update For Microsoft Office, Windows,

MS12-034: Combined Security Update For Microsoft Office, Windows,

NET Framework, and Silverlight (2681578) Slide 1 of 3

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Comment

Comment

Note

Note

CVE-2011-3402

Critical

1

1

Remote Code Execution

Remote Code Execution

Publicly Disclosed

CVE-2012-0159

Critical

1

1

Remote Code Execution

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0162

Critical

1

N/A

Remote Code Execution

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0164

Moderate

N/A

N/A

Denial of Service

Denial of Service

Publicly Disclosed

CVE-2012-0165

Important

2

1

Remote Code Execution

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0167

Important

N/A

1

Remote Code Execution

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0176

Critical

N/A

1

Remote Code Execution

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0180

Important

1

1

Elevation of Privilege

Elevation of Privilege

Cooperatively Disclosed

CVE-2012-0181

Important

3

1

Elevation of Privilege

Elevation of Privilege

Publicly Disclosed

CVE-2012-1848

Important

1

1

Elevation of Privilege

Elevation of Privilege

Cooperatively Disclosed

All supported versions of Windows and Windows Server, All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5

All supported versions of Windows and Windows Server, All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5

All supported versions of Windows and Windows Server, All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5

All supported versions of Office (except Compatibility Pack SP2 and SP3, and Office For Mac)

All supported versions of Office (except Compatibility Pack SP2 and SP3, and Office For Mac)

.NET Framework

.NET Framework

.NET Framework

.NET Framework

.NET Framework

1

1

1

1

1

Workstations and Servers

Workstations and Servers

Workstations and Servers

Workstations and Servers

Workstations and Servers

Affected Products and Components

Affected Products and Components

Affected Products and Components

Affected Products and Components

Deployment Priority

Deployment Priority

Main Target

Main Target

Latest Software

Older Versions

12 MS12-034: Combined Security Update For Microsoft Office, Windows,

MS12-034: Combined Security Update For Microsoft Office, Windows,

NET Framework, and Silverlight (2681578) Slide 2 of 3

Affected Products and Components

Affected Products and Components

Possible Attack Vectors

CVE-2011-3402, CVE-2012-0159, CVE-2012-0165: File Sharing Scenario: An attacker could exploit this vulnerability by convincing a user to open a specially crafted document file or malicious image on a file or network share. CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0176, CVE-2012-0167: Web-Browsing Scenario: An attacker could host a website that contains a webpage that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. In the case of CVE-2012-0167, a webpage would have to host a specially crafted Office document. CVE-2012-0159, CVE-2012-0180, CVE-2012-0181, CVE-2012-1848: Local Attack Scenario: To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system. CVE-2012-0164: An unauthenticated attacker could send a small number of specially crafted requests to an affected site. CVE-2012-0165, CVE-2012-0167: Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

CVE-2011-3402, CVE-2012-0159, CVE-2012-0165: File Sharing Scenario: An attacker could exploit this vulnerability by convincing a user to open a specially crafted document file or malicious image on a file or network share. CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0176, CVE-2012-0167: Web-Browsing Scenario: An attacker could host a website that contains a webpage that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. In the case of CVE-2012-0167, a webpage would have to host a specially crafted Office document. CVE-2012-0159, CVE-2012-0180, CVE-2012-0181, CVE-2012-1848: Local Attack Scenario: To exploit this vulnerability, an attacker would first have to log on to the system. Then, an attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system. CVE-2012-0164: An unauthenticated attacker could send a small number of specially crafted requests to an affected site. CVE-2012-0165, CVE-2012-0167: Email Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an email attachment, and convince the user to open the attachment.

All supported versions of Windows and Windows Server; All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5

All supported versions of Office (except Compatibility SP2 and SP3, and Office For Mac)

.NET Framework

.NET Framework

CVE-2011-3402 RCE

CVE-2012-0159 RCE

CVE-2012-0162 RCE

CVE-2012-0164 DoS

CVE-2012-0165 RCE

CVE-2012-0167 RCE

CVE-2012-0176 RCE

CVE-2012-0180 EoP

CVE-2012-0181 EoP

CVE-2012-1848 EoP

13 MS12-034: Combined Security Update For Microsoft Office, Windows,

MS12-034: Combined Security Update For Microsoft Office, Windows,

NET Framework, and Silverlight (2681578) Slide 3 of 3

Affected Products and Components

Affected Products and Components

Impact of Attack

Mitigating Factors

CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176: An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. CVE-2012-0159: An attacker who successfully exploited this vulnerability could run arbitrary code in Kernel mode and take complete control of an affected system. CVE-2012-0181, CVE-2012-1848: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. CVE-2012-0164: An attacker could cause applications created using WPF APIs that are running on a user's system to stop responding until manually restarted.

CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176: An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. CVE-2012-0159: An attacker who successfully exploited this vulnerability could run arbitrary code in Kernel mode and take complete control of an affected system. CVE-2012-0181, CVE-2012-1848: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. CVE-2012-0164: An attacker could cause applications created using WPF APIs that are running on a user's system to stop responding until manually restarted.

CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176: An attacker would have no way to force users to visit a website or open an email attachment. CVE-2011-3402, CVE-2012-0159: By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone. CVE-2012-0162, CVE-2012-0176, CVE-2012-1848: By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. CVE-2012-0180, CVE-2012-0181: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0162: On systems where MS11-044 has been applied, users will be prompted before XBAP applications will execute when in the Internet Zone of Internet Explorer. A user must click through this prompt in order to run the XBAP application on their system. CVE-2012-0164: Microsoft has not identified any mitigating factors for this vulnerability.

CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176: An attacker would have no way to force users to visit a website or open an email attachment. CVE-2011-3402, CVE-2012-0159: By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites Zone. CVE-2012-0162, CVE-2012-0176, CVE-2012-1848: By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. CVE-2012-0180, CVE-2012-0181: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0162: On systems where MS11-044 has been applied, users will be prompted before XBAP applications will execute when in the Internet Zone of Internet Explorer. A user must click through this prompt in order to run the XBAP application on their system. CVE-2012-0164: Microsoft has not identified any mitigating factors for this vulnerability.

CVE-2011-3402 RCE

CVE-2012-0159 RCE

CVE-2012-0162 RCE

CVE-2012-0164 DoS

CVE-2012-0165 RCE

CVE-2012-0167 RCE

CVE-2012-0176 RCE

CVE-2012-0180 EoP

CVE-2012-0181 EoP

CVE-2012-1848 EoP

All supported versions of Windows and Windows Server, All supported versions of .NET 3, .NET 3.5.1, and .NET 4; Microsoft Silverlight 4, Microsoft Silverlight 5

All supported versions of Office (except Compatibility SP2 and SP3, and Office For Mac)

.NET Framework

.NET Framework

14 MS12-035: Vulnerabilities in

MS12-035: Vulnerabilities in

NET Framework Could Allow Remote Code Execution (2693777)

CVE

CVE

Severity

Severity

Exploitability

Exploitability

Comment

Comment

Note

Note

Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160)

An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160)

An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160)

An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160)

CVE-2012-0160

Critical

1

1

Remote Code Execution

Cooperatively Disclosed

CVE-2012-0161

Critical

1

1

Remote Code Execution

Cooperatively Disclosed

Affected Products

Affected Products

All supported versions of .NET Framework on all supported versions of Windows and Windows Server

All supported versions of .NET Framework on all supported versions of Windows and Windows Server

All supported versions of .NET Framework on all supported versions of Windows and Windows Server

All supported versions of .NET Framework on all supported versions of Windows and Windows Server

Affected Components

Affected Components

.NET Framework

.NET Framework

.NET Framework

.NET Framework

Deployment Priority

Deployment Priority

2

2

2

2

Main Target

Main Target

Workstations and Servers

Workstations and Servers

Workstations and Servers

Workstations and Servers

Possible Attack Vectors

Possible Attack Vectors

Impact of Attack

Impact of Attack

An attacker successfully exploiting this issue could gain the same user rights as a logged-on user.

An attacker successfully exploiting this issue could gain the same user rights as a logged-on user.

An attacker successfully exploiting this issue could gain the same user rights as a logged-on user.

An attacker successfully exploiting this issue could gain the same user rights as a logged-on user.

Mitigating Factors

Mitigating Factors

Additional Information

Additional Information

.NET Framework 4 and .NET Framework 4 Client Profile Affected

.NET Framework 4 and .NET Framework 4 Client Profile Affected

.NET Framework 4 and .NET Framework 4 Client Profile Affected

.NET Framework 4 and .NET Framework 4 Client Profile Affected

Latest Software

Older Versions

15 Security Advisory 2695962 – Remote Code Execution Update Rollup For

Security Advisory 2695962 – Remote Code Execution Update Rollup For

Active X Kill Bits

This update sets the kill bits for the following third-party software: Cisco Clientless VPN solution. Installing this update will block the vulnerable control from running in Internet Explorer. For more information regarding security issues in the Cisco Clientless VPN solution ActiveX control, please see the Cisco Security Advisory, Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability. This advisory affects all supported versions of Windows.

16 Detection & Deployment

Detection & Deployment

MS12-029 Word

MS12-030 Office

MS12-031 Visio

MS12-032 TCP/IP

MS12-033 Partition Mgr.

MS12-034 GDI+/TTF

MS12-035 NETFX

Bulletin

Windows Update

Microsoft Update

MBSA

WSUS 3.0

SMS 2003 with ITMU

SCCM 2007

No

Yes*

Yes*

Yes*

Yes*

Yes*

No

Yes

Yes*

Yes*

Yes*

Yes*

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes**

Yes

Yes

Yes

Yes**

Yes

Yes

Yes

Yes

Yes

Yes

*Except in Microsoft Office 2008 for Mac and Microsoft Office for Mac 2011 **Except Silverlight 4 installed on Mac OS

17 Other Update Information

Other Update Information

MS12-029 Word

MS12-030 Office

MS12-031 Visio

MS12-032 TCP/IP

MS12-033 Partition Mgr.

MS12-034 GDI+/TTF

MS12-035 NETFX

Bulletin

Restart

Uninstall

Replaces

Maybe

Yes

MS11-089, MS11-094

Maybe

Yes

MS11-072, MS11-089, MS11-096

Maybe

Yes

MS12-015

Yes

Yes

MS11-083

Yes

Yes

None

Yes

No

MS10-087, MS12-018

No

Yes

MS11-028, MS11-044, MS11-078, MS11-100, MS12-016

18 Windows Malicious Software Removal Tool (MSRT)

Windows Malicious Software Removal Tool (MSRT)

During this release Microsoft will increase detection capability for the following families in the MSRT: Win32/Unruy: A trojan that is capable of connecting to certain remote servers to download and execute arbitrary files. It can also delete files, schedule tasks, and perform other actions. Depending on the computer's Internet Explorer settings, may also disable third-party browser extensions and BHOs from running. Win32/Dishigy: A trojan that captures keystrokes and steals login credentials through a method known as "form grabbing". It sends captured data to a remote attacker and is capable of downloading additional malicious components. For the first time, Microsoft is releasing MSRT to Windows 8 machines. Available as a priority update through Windows Update or Microsoft Update. Is offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove.

19 Resources

Resources

Bulletins, Advisories, Notifications & Newsletters Security Bulletins Summary: www.microsoft.com/technet/security/bulletin/summary.mspx Security Bulletins Search: www.microsoft.com/technet/security/current.aspx Security Advisories: www.microsoft.com/technet/security/advisory/ Microsoft Technical Security Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx Microsoft Security Newsletter: www.microsoft.com/technet/security/secnews Other Resources Update Management Process http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx

Blogs Microsoft Security Response Center (MSRC) blog: www.blogs.technet.com/msrc Security Research & Defense blog: http://blogs.technet.com/srd Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/ Twitter @MSFTSecResponse Security Centers Microsoft Security Home Page: www.microsoft.com/security TechNet Security Center: www.microsoft.com/technet/security MSDN Security Developer Center: http://msdn.microsoft.com/en-us/security/default.aspx

20 Questions and Answers

Questions and Answers

Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC Blog: http://blogs.technet.com/msrc Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx

21 © 2012 Microsoft Corporation

© 2012 Microsoft Corporation

All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

«Information About Microsoft May 2012 Security Bulletins»
http://900igr.net/prezentacija/informatika/information-about-microsoft-may-2012-security-bulletins-191728.html
cсылка на страницу

Microsoft

6 презентаций о Microsoft
Урок

Информатика

130 тем
Слайды
900igr.net > Презентации по информатике > Microsoft > Information About Microsoft May 2012 Security Bulletins