Video Screencast Help
Security Response

Microsoft Patch Tuesday - December 2012

Created: 11 Dec 2012 17:10:35 GMT • Updated: 23 Jan 2014 18:11:03 GMT • Translations available: 日本語
Candid Wueest's picture
+1 1 Vote
Login to vote

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 12 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Dec

The following is a breakdown of the issues being addressed this month:

  1. MS12-077 Cumulative Security Update for Internet Explorer

    InjectHTMLStream Use After Free Vulnerability (CVE-2012-4781) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    CMarkup Use After Free Vulnerability (CVE-2012-4782) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Improper Ref Counting Use After Free Vulnerability (CVE-2012-4787) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

    OpenType Font Parsing Vulnerability (CVE-2012-2556) MS Rating: Critical

    A remote code execution vulnerability exists in the way that affected components handle a specially crafted OpenType font file. The vulnerability could allow a remote code execution if a user opens a specially crafted OpenType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    TrueType Font Parsing Vulnerability (CVE-2012-4786) MS Rating: Critical

    A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file. The vulnerability could allow a remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  3. MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution

    Word RTF 'listoverridecount' Remote Code Execution Vulnerability (CVE-2012-2539) MS Rating: Critical

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted Rich Text Format (RTF) data. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  4. MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2012-3214) MS Rating: Critical

    Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as the LocalService account.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2012-3217) MS Rating: Critical

    Remote code execution vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. These vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited the vulnerabilities could run code on the affected server, but only as the LocalService account.

    RSS Feed May Cause Exchange DoS Vulnerability (CVE-2012-4791) MS Rating: Critical

    A denial of service vulnerability exists in Microsoft Exchange Server when Exchange improperly handles RSS feeds. The vulnerability could cause the Information Store service on the affected system to become unresponsive until the process is forcibly terminated. This unresponsive condition could cause Exchange databases to dismount, and potentially lead to the corruption of databases, affecting user mailboxes.

  5. MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution

    Windows Filename Parsing Vulnerability (CVE-2012-4774) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Windows parses filenames. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  6. MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution

    DirectPlay Heap Overflow Vulnerability (CVE-2012-1537) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectPlay handles specially crafted content. The vulnerability could allow a remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  7. MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

    Revoked Certificate Bypass Vulnerability (CVE-2012-2549) MS Rating: Important

    A security feature bypass vulnerability exists in Windows due to the way the IP-HTTPS Component handles certificates. An attacker who successfully exploited this vulnerability could bypass certificate validation checks.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.