Symantec product detections for Microsoft monthly Security Advisories - January 2012

Article:TECH178550  |  Created: 2012-01-09  |  Updated: 2012-07-09  |  Article URL http://www.symantec.com/docs/TECH178550
Article Type
Technical Solution

Product(s)

Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



ID and Rating
CAN/CVE ID: CVE-2012-0003
BID: 51292
Microsoft ID: MS12-004
MSKB: 2636391
Microsoft Rating: Critical
Vulnerability Type
Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Code Execution Vulnerability
Remote Code Execution
Vulnerability Affects
Windows XP SP3, Windows XP Media Center Edition 2005 SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, and Windows Server 2008 for Itanium-based Systems SP2
Details
  • A remote code execution vulnerability affects Media Player when handling a specially crafted MIDI file.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: Bloodhound.Exploit.448
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-0001
BID: 51296
Microsoft ID: MS12-001
MSKB: 2644615
Microsoft Rating: Important
Vulnerability Type
Microsoft Windows Kernel CVE-2012-0001 SafeSEH Security Bypass Vulnerability
Security Bypass
Vulnerability Affects
Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A security-bypass vulnerability affects Windows due to how the kernel loads the structured exception handling tables.
  • A local attacker may be able to exploit this issue to bypass the SafeSEH security feature of an application; this may aid in further attacks.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-0009
BID: 51297
Microsoft ID: MS12-002
MSKB: 2603381
Microsoft Rating: Important
Vulnerability Type
Microsoft Windows Object Packager Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP2 for Itanium-based Systems
Details
  • A remote code execution vulnerability affects Windows in the way it registers and uses the Windows Object Packager.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file located on a network share.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-0005
BID: 51270
Microsoft ID: MS12-003
MSKB: 2646524
Microsoft Rating: Important
Vulnerability Type
Microsoft Windows CSRSS CVE-2012-0005 Local Privilege Escalation Vulnerability
Elevation of Privilege Vulnerability
Vulnerability Affects
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, and Windows Server 2008 for Itanium-based Systems SP2
Details
  • A local privilege-escalation vulnerability affects the Windows Client/Server Run-time Subsystem (CSRSS) due to the way it processes a sequence of specially crafted Unicode characters.
  • A local attacker can exploit this issue to gain elevated privileges; this may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP2: Generic Windows Service Protection/SCSPBP4: Windows System Startup Process Protection/SCSPBP5: Specific Windows Service Protection

ID and Rating
CAN/CVE ID: CVE-2012-0004
BID: 51295
Microsoft ID: MS12-004
MSKB:
Microsoft Rating: Important
Vulnerability Type
Microsoft DirectX DirectShow Filters Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP SP3, Windows XP Media Center Edition 2005 SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems SP1, Windows Media Center TV Pack for Windows Vista (32-bit editions) and Windows Media Center TV Pack for Windows Vista (64-bit editions)
Details
  • A remote code execution vulnerability affects Windows when handling specially crafted media files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

 

ID and Rating
CAN/CVE ID: CVE-2012-0013
BID: 51284
Microsoft ID: MS12-005
MSKB: 2584146
Microsoft Rating: Important
Vulnerability Type
Microsoft Windows ClickOnce Application Installer Remote Code Execution Vulnerability
Remote Code Execution Vulnerability
Vulnerability Affects
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A remote code execution vulnerability affects Windows in the way Windows Packager loads ClickOnce applications.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Office file.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2011-3389
BID: 49778
Microsoft ID: MS12-006
MSKB: 2643584
Microsoft Rating: Important
Vulnerability Type
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
Information Disclosure Vulnerability
Vulnerability Affects
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A previously public (Sept 19, 2011) information disclosure vulnerability affects the SSL and TLS protocols.
  • A man-in-the-middle attacker may be able to guess the ciphertext used in encrypted traffic, allowing them to decrypt HTTPS traffic to a targeted victim.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-0007
BID: 51291
Microsoft ID: MS12-007
MSKB: 2607664
Microsoft Rating: Important
Vulnerability Type
Microsoft AntiXSS Library Sanitization Module Security Bypass Vulnerability
Security Bypass Vulnerability
Vulnerability Affects
Microsoft Anti-Cross Site Scripting Library 3.x and 4.0
Details
  • A cross-site scripting vulnerability affects the Microsoft anti cross-site scripting (AntiXSS) library when handling certain HTML.
  • An attacker can exploit this issue to disclose potentially sensitive information, such as cookie-based authentication credentials. Information obtained may aid in further attacks.
Intrusion Protection System (IPS) Response
Sig ID: N/A
Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection