Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigational Links Home > National security > Cyber Security: A Shared Responsibility > Cyber Security Publications > Analytical releases 2012 > AV12-005: Microsoft Security Bulletin Summary for February 2012

Institutional links

Microsoft Security Bulletin Summary for February 2012

Number: AV12-005
Date: 15 February 2012

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for February. The summary covers 9 bulletins (4 Critical and 5 Important), which address 21 vulnerabilities in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS12-008 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
Details: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. The security update addresses the vulnerabilities by modifying the way the Windows kernel-mode driver handles user mode calls to GDI and handles keyboard layout errors.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
CVE References: CVE-2011-5046, CVE-2012-0154
http://technet.microsoft.com/en-us/security/bulletin/ms12-008

MS12-009 - Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
Details: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating: Important
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
CVE References: CVE-2012-0148, CVE-2012-0149
http://technet.microsoft.com/en-us/security/bulletin/ms12-009

MS12-010 - Cumulative Security Update for Internet Explorer (2647516)
Details: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles content during copy and paste processes, handles objects in memory, and creates and initializes strings.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Temporary
Affected Products: Microsoft Internet Explorer 6, Internet Explorer 7, Internet Explorer 8 and Internet Explorer 9
CVE References: CVE-2012-0010, CVE-2012-0011, CVE-2012-0012, CVE-2012-0155
http://technet.microsoft.com/en-us/security/bulletin/ms12-010

MS12-011 - Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
Details: This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicks a specially crafted URL. The security update addresses the vulnerabilities by correcting the way that Microsoft SharePoint validates and sanitizes user input.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating: Important
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: N/A
Affected Products: Microsoft SharePoint Server 2010 and Microsoft SharePoint Server 2010 Service Pack 1, Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Foundation 2010 Service Pack 1
CVE References: CVE-2012-0017, CVE-2012-0144, CVE-2012-0145
http://technet.microsoft.com/en-us/security/bulletin/ms12-011

Ms12-012 - Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
Details: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. The security update addresses the vulnerability by correcting the manner in which the Color Control Panel loads external libraries.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Important
Maximum Exploitability Index: 1 - Exploit code likely Maximum
Denial of Service Exploitability Index: N/A
Affected Products: Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
CVE References: CVE-2010-5082
http://technet.microsoft.com/en-us/security/bulletin/MS12-012

MS12-013 - Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
Details: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. The security update addresses the vulnerability by modifying the way that the msvcrt dynamic link library (DLL) calculates the size of data structures in memory.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Temporary
Affected Products: Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
CVE References: CVE-2012-0150
http://technet.microsoft.com/en-us/security/bulletin/ms12-013

MS12-014 - Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
Details: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. The security update addresses the vulnerability by correcting the manner in which the Indeo Codec loads external libraries.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Important
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: N/A
Affected Products: Windows XP Service Pack 3
CVE References: CVE-2010-3138
http://technet.microsoft.com/en-us/security/bulletin/ms12-014

MS12-015 - Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
Details: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. The security update addresses the vulnerabilities by correcting the way that Microsoft Visio Viewer validates data when parsing specially crafted Visio files.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Important
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: N/A
Affected Products: Microsoft Visio Viewer 2010 and Microsoft Visio Viewer 2010 Service Pack 1 (32-bit Edition), Microsoft Visio Viewer 2010 and Microsoft Visio Viewer 2010 Service Pack 1 (64-bit Edition)
CVE References: CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, CVE-2012-0138
http://technet.microsoft.com/en-us/security/bulletin/ms12-015

MS12-016 - Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
Details: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The security update addresses the vulnerabilities by correcting the manner in which Microsoft .NET Framework and Microsoft Silverlight use unmanaged objects.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: N/A
Affected Products: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
CVE References: CVE-2012-0014, CVE-2012-0015
http://technet.microsoft.com/en-us/security/bulletin/ms12-016

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly. Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/b/msrc/archive/2012/02/14/msrc-looks-back-at-ten-years-and-the-february-2012-bulletins.aspx

References:
http://technet.microsoft.com/en-us/security/bulletin/ms12-feb

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2012-02-16
Top of Page
Top of Page
Important Notices
Host: WWWDMZ01