Gladiator Research and Security

Microsoft has announced seven new patches today. Of the seven, five remediate vulnerabilities that could allow remote code execution. MS12-029, MS-12-034, MS12-035 are rated Critical by Microsoft, and Gladiator recommends all users install these patches as soon as possible. Gladiator also recommends you apply patches MS12-030 and MS12-031 to remediate vulnerabilities that could lead to remote code execution. All other patches can be applied during your normal patch window.  The patches released affect Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight, and Microsoft Office. Detailed information regarding the patches can be found in Microsoft’s May Security Bulletin. Summary information is included below:

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) MS12-029 - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) MS12-034 - This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) MS12-035 - This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830) MS12-030 – This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981) MS12-031 - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) MS12-032 - This security update resolves one privately reported and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533) MS12-033 - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Reference Link:

Microsoft Security Bulletin (http://technet.microsoft.com/en-us/security/bulletin/ms12-may)

GSA Reference Number: AD120507-01

Simply Put: Adobe has released a security update that remedies one vulnerability which could allow an attacker to gain control of an affected system. This vulnerability affects Adobe Flash Player 11.2.202.233 and earlier versions on Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, as well as Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. Gladiator recommends that users apply the patch provided by Adobe as soon as possible.

Attack Details: This update resolves an object confusion vulnerability that could lead to code execution. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Countermeasures: Adobe has released an update for these vulnerabilities. Gladiator recommends that users upgrade to the latest version as soon as possible.

Reference Links:

Security update available for Adobe Flash Player (http://www.adobe.com/support/security/bulletins/apsb12-09.html)

Microsoft has announced six new patches today. Of the six, five remediate vulnerabilities that could allow remote code execution. MS12-023, MS12-024, MS12-025, MS12-027, MS12-028 are all rated Critical by Microsoft and Gladiator recommends all institutions install these patches as soon as possible. The remaining patch fixes a potential information leak in Microsoft Forefront Unified Access Gateway and can be applied during your normal patching window. The patches today remediate vulnerabilities found in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft SQL Server, Microsoft Server Software, Microsoft Developer Tools and the previously mentioned Microsoft Forefront United Access Gateway. Detailed information regarding the patches can be found in Microsoft’s April Security Bulletin. Summary information is included below.

• Continue reading