Public Safety Canada

Microsoft Security Bulletin Summary for June 2012

Number: AV12-027
Date: 13 June 2012

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for June. The summary covers 7 bulletins (3 Critical, 4 Important), which address 26 vulnerabilities in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS12-036 - Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
Details: The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.
The security update addresses the vulnerability by modifying the way that the Remote Desktop Protocol processes packets in memory.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1
CVE References: CVE-2012-0173
http://technet.microsoft.com/en-us/security/bulletin/MS12-036

MS12-037 - Cumulative Security Update for Internet Explorer (2699988)
Details: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, HTML sanitization using toStaticHTML, the way that Internet Explorer renders data during certain processes, and the way that Internet Explorer creates and initializes strings.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Temporary
Affected Products: Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9
CVE References: CVE-2012-1523, CVE-2012-1858, CVE-2012-1872, CVE-2012-1873, CVE-2012-1874, CVE-2012-1875, CVE-2012-1876, CVE-2012-1877, CVE-2012-1878, CVE-2012-1879, CVE-2012-1880, CVE-2012-1881, CVE-2012-1882
http://technet.microsoft.com/en-ca/security/bulletin/ms12-037

MS12-038 - Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Details: The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update addresses the vulnerability by correcting the manner in which the .NET Framework validates data passed to function pointers.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: N/A
Affected Products: Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4
CVE References: CVE-2012-1855
http://technet.microsoft.com/en-ca/security/bulletin/ms12-038

MS12-039 - Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
Details: The most severe vulnerabilities could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts.
The security update addresses the vulnerabilities by correcting how specially crafted TrueType font files are handled, correcting the manner in which Microsoft Lync loads external libraries, and modifying the way that the SafeHTML function sanitizes HTML content.
Maximum Security Impact: Important
Aggregate Severity Rating: Remote Code Execution
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Microsoft Communicator 2007 R2, Microsoft Lync 2010 (32-bit), Microsoft Lync 2010 (64-bit), Microsoft Lync 2010 Attendee (admin level install), Microsoft Lync 2010 Attendee (user level install), Microsoft Lync 2010 Attendant (32-bit), Microsoft Lync 2010 Attendant (64-bit)
CVE References: CVE-2011-3402, CVE-2011-0159, CVE-2012-1849, CVE-2012-1858
http://technet.microsoft.com/en-ca/security/bulletin/MS12-039

MS12-040 - Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
Details: The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL or visits a specially crafted website. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message that contains the specially crafted URL to the user of the targeted Microsoft Dynamics AX Enterprise Portal site and by convincing the user to click the specially crafted URL.
The security update addresses the vulnerability by correcting the way that Microsoft Dynamics AX 2012 Enterprise Portal validates and sanitizes user input.
Maximum Security Impact: Important
Aggregate Severity Rating: Elevation of Privilege
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: N/A
Affected Products: Microsoft Dynamics AX 2012
CVE References: CVE-2012-1857
http://technet.microsoft.com/en-ca/security/bulletin/ms12-040

MS12-041 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
Details: The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities.
The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode drivers validate input passed from user mode and handle TrueType font loading, and by introducing additional runtime validation to the thread creation mechanism.
Maximum Security Impact: Important
Aggregate Severity Rating: Elevation of Privilege
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1
CVE References: CVE-2012-1864, CVE-2012-1865, CVE-2012-1866, CVE-2012-1867, CVE-2012-1868
http://technet.microsoft.com/en-ca/security/bulletin/ms12-041

MS12-042 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
Details: The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
The security update addresses the vulnerabilities by correcting the way that the Windows User Mode Scheduler handles a particular system request and the way that Windows manages BIOS ROM.
Maximum Security Impact: Important
Aggregate Severity Rating: Elevation of Privilege
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Windows XP Service Pack 3, Windows Server 2003 Service Pack 2, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1
CVE References: CVE-2012-0217, CVE-2012-1515
http://technet.microsoft.com/en-ca/security/bulletin/ms12-042

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/b/msrc/archive/2012/06/12/certificate-trust-list-update-and-the-june-2012-bulletins.aspx

References:
http://technet.microsoft.com/en-ca/security/bulletin/ms12-jun

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca
