Dial In Number Pin: 9049 Information About Microsoft April 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft Corporation Pete Voss Sr. Response Communications Manager Microsoft Corporation
Dial In Number Pin: 9049 Live Video Stream To receive our video stream in LiveMeeting:To receive our video stream in LiveMeeting: –Click on Voice & Video –Click the drop down next to the camera icon –Select Show Main Video
Dial In Number Pin: 9049 What We Will Cover Review of April 2012 Bulletin release information:Review of April 2012 Bulletin release information: –New Security Bulletins –Microsoft ® Windows ® Malicious Software Removal Tool –Information About Microsoft Windows XP ResourcesResources Questions and Answers: Please Submit NowQuestions and Answers: Please Submit Now –Submit Questions via Twitter #MSFTSecWebcast
Dial In Number Pin: 9049 Severity and Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS12-023MS12-024MS12-025MS12-026MS12-027MS Internet Explorer.NET WindowsOffice Windows Forefront UAG
Dial In Number Pin: 9049 Bulletin Deployment Priority
Dial In Number Pin: 9049 MS12-023: Cumulative Security Update For Internet Explorer ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE ModerateN/AN/A Remote Code Execution Cooperatively Disclosed CVE Critical33 Remote Code Execution Cooperatively Disclosed CVE CriticalN/A1 Remote Code Execution Cooperatively Disclosed CVE Critical11 Remote Code Execution Cooperatively Disclosed CVE CriticalN/A1 Remote Code Execution Cooperatively Disclosed Affected Products IE 6, 7, 8, 9 on all supported versions of Windows IE 6, 7, 8, 9 on all supported versions of Windows Server Affected Components Internet Explorer Deployment Priority 1 Main Target Workstations Possible Attack Vectors CVE :CVE : Printer Based: an attacker could exploit the vulnerability by convincing the user to print a specially crafted HTML page.Printer Based: an attacker could exploit the vulnerability by convincing the user to print a specially crafted HTML page. CVE , CVE , CVE , CVE :CVE , CVE , CVE , CVE : Web-based: An attacker could exploit the vulnerability by convincing a user to visit a specially crafted website.Web-based: An attacker could exploit the vulnerability by convincing a user to visit a specially crafted website. Impact of Attack An attacker successfully exploiting this issue could gain the same user rights as a logged-on user.An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. Mitigating Factors CVE :CVE : An attacker would have no way to force a user to print a HTML page.An attacker would have no way to force a user to print a HTML page. The "Print table of links" option is not enabled by default when printing from Internet Explorer. Only customers who manually select this feature when they print a webpage are likely to be vulnerable to this issue.The "Print table of links" option is not enabled by default when printing from Internet Explorer. Only customers who manually select this feature when they print a webpage are likely to be vulnerable to this issue. CVE , CVE , CVE , CVE :CVE , CVE , CVE , CVE : An attacker would have no way to force a user to visit a malicious website.An attacker would have no way to force a user to visit a malicious website. Additional Information Installations using Server Core are not affected.Installations using Server Core are not affected.
Dial In Number Pin: 9049 MS12-024: Vulnerability In Windows Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE Critical11 Remote Code Execution Cooperatively Disclosed Affected Products All supported versions of Windows and Windows Server Affected Components Authenticode Signature Verification Deployment Priority 2 Main Target Workstations and Servers Possible Attack Vectors Attack Scenario: An attacker could exploit this vulnerability by sending a user an message containing the specially crafted PE file and convincing the user to open the file. Attack Scenario: An attacker could exploit this vulnerability by sending a user an message containing the specially crafted PE file and convincing the user to open the file. Web-Based Scenario: An attacker would have to host a website that contains a specially crafted PE file. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability.Web-Based Scenario: An attacker would have to host a website that contains a specially crafted PE file. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability. Impact of Attack An attacker who successfully exploited this vulnerability could take complete control of an affected system.An attacker who successfully exploited this vulnerability could take complete control of an affected system. Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.Microsoft has not identified any mitigating factors for this vulnerability. Additional Information Installations using Server Core are affectedInstallations using Server Core are affected
Dial In Number Pin: 9049 MS12-025: Vulnerability in.NET Framework Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE Critical11 Remote Code Execution Cooperatively Disclosed Affected Products.NET Framework 1.0 SP3,.NET Framework 1.1 SP1,.NET Framework 2.0 SP2,.NET Framework 3.5.1, and.NET Framework 4 Affected Components.NET Framework Deployment Priority 2 Main Target Workstations and Servers Possible Attack Vectors Web-Browsing Scenario: An attacker could host a website that contains a webpage that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability.Web-Browsing Scenario: An attacker could host a website that contains a webpage that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. Web-Hosting Scenario: An attacker must have permission to upload arbitrary ASP.NET pages to a website and ASP.NET must be installed on that web server.Web-Hosting Scenario: An attacker must have permission to upload arbitrary ASP.NET pages to a website and ASP.NET must be installed on that web server. This vulnerability could also be used by Windows.NET applications to bypass Code Access Security (CAS) restrictions.This vulnerability could also be used by Windows.NET applications to bypass Code Access Security (CAS) restrictions. Impact of Attack An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user or the user account of ASP.NET. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user or the user account of ASP.NET. Mitigating Factors An attacker would have no way to force users to visit a website hosting the specially crafted media file.An attacker would have no way to force users to visit a website hosting the specially crafted media file. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.Enhanced Security ConfigurationEnhanced Security Configuration In default configuration, an anonymous user cannot upload and run Microsoft.NET code on an Internet Information Server (IIS).In default configuration, an anonymous user cannot upload and run Microsoft.NET code on an Internet Information Server (IIS). Standard.NET Framework applications are not affected by this vulnerability. Only specially crafted.NET Framework applications could exploit this vulnerability.Standard.NET Framework applications are not affected by this vulnerability. Only specially crafted.NET Framework applications could exploit this vulnerability. Additional Information Installations using Server Core are affected.Installations using Server Core are affected..NET Framework 4 and.NET Framework 4 Client Profile are affected..NET Framework 4 and.NET Framework 4 Client Profile are affected.
Dial In Number Pin: 9049 MS12-026: Vulnerabilities in Forefront United Access Gateway (UAG) Could Allow Information Disclosure ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE ModerateN/AN/ASpoofing Cooperatively Disclosed CVE Important33 Information Disclosure Cooperatively Disclosed Affected Products Forefront Unified Access Gateway 2010 SP1, and Forefront Unified Access Gateway 2010 SP1 Update 1 Affected Components Unified Access Gateway Web Interface Deployment Priority 3 Main Target Servers Possible Attack Vectors CVE :CVE : Attack Scenario: An attacker would have to convince users to click a link that has a specially crafted URL that redirects the user to the website, typically by getting them to click a link in an message or Instant Messenger message that takes them to the attacker's website. Attack Scenario: An attacker would have to convince users to click a link that has a specially crafted URL that redirects the user to the website, typically by getting them to click a link in an message or Instant Messenger message that takes them to the attacker's website. CVE :CVE : Web Attack Scenario: A attacker would send a specially crafted HTTPS query to the UAG server. This specially crafted request could allow the attacker to access restricted resources via the UAG default website.Web Attack Scenario: A attacker would send a specially crafted HTTPS query to the UAG server. This specially crafted request could allow the attacker to access restricted resources via the UAG default website. Impact of Attack CVE :CVE : The authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate UAG web interface. The attacker could trick the user and potentially acquire sensitive information, such as the user's credentials.The authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate UAG web interface. The attacker could trick the user and potentially acquire sensitive information, such as the user's credentials. CVE :CVE : An attacker who successfully exploited this vulnerability could view secured resources on the server.An attacker who successfully exploited this vulnerability could view secured resources on the server. Mitigating Factors CVE :CVE : An attacker would have no way to force users to visit a malicious website.An attacker would have no way to force users to visit a malicious website. CVE :CVE : Microsoft has not identified any mitigating factors for this vulnerability.Microsoft has not identified any mitigating factors for this vulnerability. Additional Information This update is available through the Download Center only.This update is available through the Download Center only.
Dial In Number Pin: 9049 MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE Critical11 Remote Code Execution Cooperatively Disclosed Affected Products All Supported Versions of Office (except x64 editions) All Supported Editions of SQL Server (except 2000 Itanium SP4, 2000 Reporting Service SP2, 2000 MSDE, 2000 MSDE SP4, 2005 Express Edition SP4, and SQL Server 2008 Management Studio) BizTalk Server 2002 SP1 Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009, Commerce Server 2009 R2 Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2 Virtual Basic 6.0 Runtime Affected Components Windows Common Controls Deployment Priority 1 Main Target Workstations and Servers Possible Attack Vectors Web Attack Scenario: An attacker could host a website that contains a web page that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability.Web Attack Scenario: An attacker could host a website that contains a web page that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability. Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an attachment, and convince the user to open the attachment. Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an attachment, and convince the user to open the attachment. Impact of Attack An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Mitigating Factors An attacker would have no way to force users to visit a website or open an attachment.An attacker would have no way to force users to visit a website or open an attachment. Additional Information By default, supported versions of Microsoft SQL Server 2005 and Microsoft SQL Server 2008 default installations include the Windows common controls. Microsoft Update will automatically detect and deploy the Windows common controls packages to these supported versions of Microsoft SQL server 2005 and Microsoft SQL Server 2008.By default, supported versions of Microsoft SQL Server 2005 and Microsoft SQL Server 2008 default installations include the Windows common controls. Microsoft Update will automatically detect and deploy the Windows common controls packages to these supported versions of Microsoft SQL server 2005 and Microsoft SQL Server Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability.Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability.
Dial In Number Pin: 9049 MS12-028: Vulnerability In Microsoft Office Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE Important31 Remote Code Execution Cooperatively Disclosed Affected Products Office 2007 SP2, Microsoft Works 9, and Microsoft Works 6-9 File Converter Affected Components Microsoft Office Works File Converter Deployment Priority 2 Main Target Workstations Possible Attack Vectors Web Attack Scenario: An attacker could host a website that contains a web page that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability.Web Attack Scenario: An attacker could host a website that contains a web page that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability. Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an attachment, and convince the user to open the attachment. Attack Scenario: An attacker could exploit this vulnerability by sending the user the malicious file as an attachment, and convince the user to open the attachment. Impact of Attack An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Mitigating Factors An attacker would have no way to force users to visit a website or open an attachment.An attacker would have no way to force users to visit a website or open an attachment.
Dial In Number Pin: 9049 Detection & Deployment *Available in Download Center Only **Except for MS Commerce Server 2002 SP4, 2007 SP2, 2009, and 2009 R2; plus Visual FoxPro 8.0 SP1, Visual Fox Pro 9.0 SP2 and Visual Basic 6.0 Runtime
Dial In Number Pin: 9049 Other Update Information
Dial In Number Pin: 9049 Windows Malicious Software Removal Tool (MSRT) During this release Microsoft will increase detection capability for the following families in the MSRT:During this release Microsoft will increase detection capability for the following families in the MSRT: – –Win32/Gamarue: A bot-controlled worm that spreads via removable drives. It gathers information about the infected computer and sends it back to a pre-defined remote web server, where it may accept further instruction and may lead to the installation of other malware.Win32/Gamarue: – –Win32/BOCINEX: A bundled installer that executes Program:Win32/CoinMiner.Win32/BOCINEXProgram:Win32/CoinMiner – –Win32/Claretore: A Trojan that injects itself into running processes to intercept browser traffic and redirect the browser to an attacker-defined URL.Win32/Claretore Available as a priority update through Windows Update or Microsoft Update.Available as a priority update through Windows Update or Microsoft Update. Is offered through WSUS 3.0 or as a download at: offered through WSUS 3.0 or as a download at:
Dial In Number Pin: 9049 TechNet Has Changed Snapshot of Recent Improvements Streamlining of of –Merged Product and service pack dropdown controls –Simplified search results by removing redundant Affected Software –Added new lifecycle information for the Windows, Windows Server, and IE TechCenters New Features For Bulletin SearchNew Features For Bulletin Search –Search by bulletin, CVE, or KB number –Download information on all bulletins released since 1998 in spreadsheet form –Merged “Product Search” and “Search By KB” tabs. –Upgraded the Date control to allow specific start / end dates when searching –Simplified search filters by removing the Severity filter –Added localized TechNet Security bulletin sites and bulletin search FAQs –Demonstration video coming soon
Dial In Number Pin: 9049 Windows XP: Heading Into The Sunset Windows XP goes out of support in April 2014.Windows XP goes out of support in April We are notifying customers now so they can update to the latest operating system.We are notifying customers now so they can update to the latest operating system. Windows XP represented great technologies when they were first introduced nearly a decade ago, but a lot has changed and we’re encouraging customers to upgrade to Windows 7.Windows XP represented great technologies when they were first introduced nearly a decade ago, but a lot has changed and we’re encouraging customers to upgrade to Windows 7.
Dial In Number Pin: 9049 Resources Blogs Microsoft Security Response Center (MSRC) blog: Security Response Center (MSRC) blog: Security Research & Defense blog: Research & Defense blog: Microsoft Malware Protection Center Blog: Malware Protection Center Blog: Twitter Security Centers Microsoft Security Home Page: Security Home Page: TechNet Security Center: Security Center: MSDN Security Developer Center: Security Developer Center: Bulletins, Advisories, Notifications & Newsletters Security Bulletins Summary: mspxSecurity Bulletins Summary: mspx mspx mspx Security Bulletins Search: Bulletins Search: Security Advisories: Advisories: Microsoft Technical Security Notifications: Technical Security Notifications: Microsoft Security Newsletter: Security Newsletter: Other Resources Update Management Process chmanagement/secmod193.mspxUpdate Management Process chmanagement/secmod193.mspx chmanagement/secmod193.mspx chmanagement/secmod193.mspx Microsoft Active Protection Program Partners: mspxMicrosoft Active Protection Program Partners: mspx mspx mspx
Dial In Number Pin: 9049 Questions and Answers Submit text questions using the “Ask” button.Submit text questions using the “Ask” button. Don’t forget to fill out the survey.Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC Blog: recording of this webcast will be available within 48 hours on the MSRC Blog: Register for next month’s webcast at: for next month’s webcast at:
Dial In Number Pin: 9049