Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft August 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Information About Microsoft August 2012 Security Bulletins
Jonathan Ness, Security Development Manager, Microsoft Corporation
Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

Live Video Stream
To receive our video stream in LiveMeeting:
– Click on Voice & Video
– Click the drop down next to the camera icon
– Select Show Main Video

What We Will Cover
Review of August 2012 Bulletin Release Information
– New Security Bulletins
– Security Advisory
– Re-release of Bulletin MS
– Microsoft Windows Malicious Software Removal Tool
Resources
Questions and Answers: Please Submit Now
– Submit questions via Twitter: #MSFTSecWebcast

Severity and Exploitability Index (chart)
Bulletins MS12-052 through MS12-060 plotted by Exploitability Index (1, 2, 3, DP) on the risk axis against Severity (Critical, Important, Moderate, Low) on the impact axis. Affected components shown on the chart: Internet Explorer, Office, Exchange, Windows, JScript & VBScript.

Bulletin Deployment Priority (chart)

MS12-052: Cumulative Security Update for Internet Explorer

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Critical | 3 / 1 | Remote Code Execution | Cooperatively Disclosed
CVE | Critical | 1 / 1 | Remote Code Execution | Cooperatively Disclosed
CVE | Critical | 1 / 1 | Remote Code Execution | Cooperatively Disclosed
CVE | Important | 2 / 2 | Remote Code Execution | Cooperatively Disclosed

Affected Products: Internet Explorer 6, 7, 8, and 9 on Windows clients; Internet Explorer 6, 7, 8, and 9 on Windows servers
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Servers and workstations using IE
Possible Attack Vectors:
– An attacker could host a website that contains a maliciously crafted page designed to exploit these vulnerabilities.
– An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.
Impact of Attack: An attacker who successfully exploited these vulnerabilities could obtain the same permissions as the currently logged-on user.
Mitigating Factors:
– An attacker would have no way to force users to visit a malicious website.
– By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration.
– By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone.
Additional Information:
– Installations using Server Core are not affected.
– Customers with Internet Explorer 8 installed on their systems can address the vulnerability described in CVE by installing the KB update.

MS12-053: Vulnerability in Remote Desktop Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Critical | NA / 2 | Remote Code Execution | Cooperatively Disclosed

Affected Products: Windows XP SP3
Affected Components: Remote Desktop Protocol
Deployment Priority: 2
Main Target: Systems with RDP enabled
Possible Attack Vector: For systems running supported editions of Windows XP, a remote unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RDP packets to the target system.
Impact of Attack: An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Mitigating Factors: By default, the Remote Desktop Protocol is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Note that on Windows XP, Remote Assistance can enable RDP.
Additional Information: There are no known attacks against this vulnerability in the wild.
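The mitigating factor above turns on one question: is the RDP listener actually reachable on a given host, including the Remote Assistance case on XP? The following PowerShell is an added example written for this page, not code from the Microsoft briefing. It reads the two registry values that control Remote Desktop and Remote Assistance and checks with netstat for a listener on the RDP port; it assumes a local run with administrative rights and Windows PowerShell 2.0 or later (the only version available on XP), and it assumes nothing about hostnames or KB numbers beyond what the slide states.

```powershell
# Added example (not from the Microsoft briefing): report whether this host is
# exposed to the MS12-053 attack vector, i.e. whether Remote Desktop or Remote
# Assistance is enabled and whether anything is listening on the RDP port.
# Assumes administrative rights and Windows PowerShell 2.0+ (XP-compatible
# constructs only: New-Object PSObject instead of [pscustomobject], netstat
# instead of Get-NetTCPConnection).

function Get-RdpExposure {
    [CmdletBinding()]
    param(
        # TCP port of the Terminal Services listener; 3389 is the default.
        [int]$Port = 3389
    )

    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $raKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpEnabled = ($deny -eq 0)

    # fAllowToGetHelp = 1 means Remote Assistance is enabled. On Windows XP
    # this can bring up the RDP listener even when Remote Desktop itself is off,
    # which is exactly the note on the slide.
    $help = (Get-ItemProperty -Path $raKey -Name fAllowToGetHelp -ErrorAction SilentlyContinue).fAllowToGetHelp
    $raEnabled = ($help -eq 1)

    # Is anything listening on the port right now? netstat output looks like
    #   TCP    0.0.0.0:3389    0.0.0.0:0    LISTENING    1234
    # and the pattern also matches the IPv6 form [::]:3389.
    $listener = netstat -ano | Select-String -Pattern ("TCP\s+\S+:{0}\s+\S+\s+LISTENING" -f $Port)
    $isListening = [bool]$listener

    New-Object PSObject -Property @{
        ComputerName            = $env:COMPUTERNAME
        RemoteDesktopEnabled    = $rdpEnabled
        RemoteAssistanceEnabled = $raEnabled
        ListeningOnPort         = $isListening
        # Treat any of the three as exposure: the patch applies regardless of
        # how the listener came to be active.
        Exposed                 = ($rdpEnabled -or $raEnabled -or $isListening)
    }
}

Get-RdpExposure | Format-List
```

The registry flags say what policy allows; the netstat check says what is true at this moment. Report both, because a host whose policy says "off" but which still has a listener (for example via Remote Assistance) is the case the mitigating factor warns about.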

MS12-054: Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Important | NA / NA | Denial of Service | Cooperatively Disclosed
CVE | Critical | NA / 1 | Remote Code Execution | Cooperatively Disclosed
CVE | Critical | NA / 1 | Remote Code Execution | Cooperatively Disclosed
CVE | Critical | NA / 1 | Remote Code Execution | Cooperatively Disclosed

Affected Products: All supported versions of Windows XP and Windows Server 2003; all supported versions of Windows Vista; all supported versions of Windows Server 2008 and 2008 R2, and Windows 7
Affected Components: Windows Networking Components
Deployment Priority: 1
Main Target: Servers and workstations
Possible Attack Vectors:
– A remote unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RAP packets to the target system. (CVE )
– A remote unauthenticated attacker could exploit the vulnerability by responding to the print spooler's requests with a specially crafted response. (CVE /1852/1853)
Impact of Attack:
– An attacker who successfully exploited this vulnerability could cause the service to stop responding. (CVE )
– An attacker who successfully exploited this vulnerability could run arbitrary code on a user's system with system privileges. (CVE /1852/1853)
Mitigating Factors: Network level access controls can be used to mitigate the vulnerabilities addressed in this bulletin.
Additional Information: Installations using Server 2008 Core are affected and rated as Moderate.

MS12-055: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Important | 1 / 1 | Elevation of Privilege | Cooperatively Disclosed

Affected Products: All supported versions of Windows and Windows Server
Affected Components: Windows Kernel-Mode Drivers
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Mitigating Factors: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Additional Information: Installations using Server Core are affected.

MS12-056: Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Important | 2 / 2 | Remote Code Execution | Cooperatively Disclosed

Affected Products: JScript 5.8 and VBScript 5.8 on all supported 64-bit versions of Windows XP and Windows 7; JScript 5.8 and VBScript 5.8 on all supported 64-bit versions of Windows Server 2003, 2008, and 2008 R2
Affected Components: JScript and VBScript scripting engines
Deployment Priority: 2
Main Target: Systems where IE 8 and IE 9 are used
Possible Attack Vectors:
– An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
– An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.
Impact of Attack: An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Mitigating Factors:
– An attacker would have no way to force users to visit a malicious website.
– Only 64-bit versions of Microsoft Windows that are additionally configured to use the 64-bit version of Internet Explorer are affected by this vulnerability.
– By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.
Additional Information:
– The JavaScript Integer Overflow Remote Code Execution Vulnerability (CVE ) described in this bulletin is also addressed by MS
– Installations using Server Core are not affected.

MS12-057: Vulnerability in Microsoft Office Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Important | 3 / 3 | Remote Code Execution | Cooperatively Disclosed

Affected Products: Office 2007 SP2 and SP3; Office 2010 SP1 (x86 and 64-bit)
Affected Components: Office
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors:
– This vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office, or insert a specially crafted CGM file into a document with an affected version of Microsoft Office.
– In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted file that is used to attempt to exploit this vulnerability.
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and convincing the user to open the file.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code as the current user.
Mitigating Factors:
– The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
– An attacker would have no way to force users to visit a malicious website.
Additional Information: Microsoft has no indication that this issue is under active attack in the wild.

MS12-058: Vulnerability in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
See Note Below | Critical | 1 / 1 | Remote Code Execution | Publicly Disclosed

Affected Products: Exchange Server 2007 SP3; Exchange Server 2010 SP1 and SP2
Affected Components: WebReady Document Viewing
Deployment Priority: 2
Main Target: Exchange servers
Possible Attack Vectors: An attacker could send an e-mail message containing a specially crafted file to a user on an affected version of Exchange. When the user previews the specially crafted file in the browser, arbitrary code could be run on the Exchange server.
Impact of Attack: An attacker who successfully exploited these vulnerabilities could run arbitrary code as LocalService.
Mitigating Factors: The transcoding service in Exchange that is used for WebReady Document Viewing runs in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.
Additional Information:
– This update addresses 13 vulnerabilities in the Oracle Outside In library. See the bulletin for the specific CVEs.
– This issue was discussed last month in Security Advisory , published July 24.
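Because the vulnerable code is the server-side transcoder that renders attachments for Outlook Web App, the natural stop-gap until MS12-058 is installed is to switch WebReady Document Viewing off on every OWA virtual directory and switch it back on afterwards. The Exchange Management Shell script below is an added example for this page, not code from the briefing or from Microsoft's bulletin text. It assumes Exchange 2007 SP3 or Exchange 2010 SP1/SP2 with the Exchange cmdlets loaded and an account permitted to change OWA settings; the dry-run/apply switch is this example's own design.

```powershell
# Added example (not from the briefing): inventory WebReady Document Viewing on
# all OWA virtual directories and, with -Apply, turn it off for both public and
# private computer profiles. Run from the Exchange Management Shell on an
# Exchange 2007 SP3 / 2010 SP1-SP2 organization. Re-enable after patching.

function Disable-WebReadyViewing {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Without -Apply the function only reports; nothing is changed.
        [switch]$Apply
    )

    Get-OwaVirtualDirectory | ForEach-Object {
        $vdir = $_
        # Either profile being enabled is enough for a crafted attachment to
        # reach the transcoder, so test both.
        $enabled = $vdir.WebReadyDocumentViewingOnPublicComputersEnabled -or
                   $vdir.WebReadyDocumentViewingOnPrivateComputersEnabled

        $state = if ($enabled) { 'ENABLED' } else { 'disabled' }
        Write-Host ('{0}: WebReady Document Viewing {1}' -f $vdir.Identity, $state)

        if ($enabled -and $Apply -and
            $PSCmdlet.ShouldProcess($vdir.Identity, 'Disable WebReady Document Viewing')) {
            Set-OwaVirtualDirectory -Identity $vdir.Identity `
                -WebReadyDocumentViewingOnPublicComputersEnabled  $false `
                -WebReadyDocumentViewingOnPrivateComputersEnabled $false
        }
    }
}

# Report first, then apply (use -WhatIf on the second call to preview changes).
Disable-WebReadyViewing
Disable-WebReadyViewing -Apply
```

Disabling the feature removes the "open as web page" preview for users, so treat it as a temporary control: deploy MS12-058, then set the two parameters back to $true on the same virtual directories.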

MS12-059: Vulnerability in Microsoft Visio Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Important | 1 / 1 | Remote Code Execution | Cooperatively Disclosed

Affected Products: Visio 2010 (32-bit and 64-bit); Visio Viewer 2010 (32-bit and 64-bit)
Affected Components: Visio
Deployment Priority: 3
Main Target: Workstations that use Visio
Possible Attack Vectors:
– This vulnerability requires that a user open a specially crafted file with an affected version of Visio.
– In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability.
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Visio file to the user and convincing the user to open the file.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code as the current user.
Mitigating Factors: An attacker would have no way to force users to visit a malicious website or open a malicious file in e-mail.
Additional Information: The Microsoft Office update MS was applied to systems running Microsoft Visio 2010 even though this software was listed as non-affected in the MS bulletin.

MS12-060: Vulnerability in Windows Common Controls Could Allow Remote Code Execution

CVE | Severity | Exploitability (Latest Software / Older Versions) | Comment | Note
CVE | Critical | 1 / 1 | Remote Code Execution | Cooperatively Disclosed

Affected Products:
– Office 2003 SP3 and Office 2003 Web Components SP3
– Office 2007 SP2 and SP3
– Office 2010 SP1 (32-bit)
– SQL Server 2000 SP4 and SQL Server 2000 Analysis Services SP4
– SQL Server 2005 Express Edition with Advanced Services SP4
– SQL Server 2005 for 32-bit and 64-bit systems SP4; SQL Server 2005 for Itanium-based systems SP4
– All supported versions of SQL Server 2008 and 2008 R2 except Management Studio
– Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 and 2009 R2
– Host Integration Server 2004 SP1
– Visual FoxPro 8.0 SP1 and Visual FoxPro 9.0 SP2
– Visual Basic 6.0 Runtime
Affected Components: Windows Common Controls
Deployment Priority: 1
Main Target: Workstations and servers
Possible Attack Vectors:
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted document to the user and convincing the user to open the document.
– In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Impact of Attack: An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Mitigating Factors:
– By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.
– The attacker would have to convince the user to open the attachment in order to exploit the vulnerability.
Additional Information: Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability.
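Three of this month's bulletins (MS12-052, MS12-056 and MS12-060) share the vector of a COM/ActiveX control instantiated by Internet Explorer or by an application that hosts the IE rendering engine, and MS12-060 is already being exploited. The standard interim control for that vector is the IE "kill bit": a Compatibility Flags value of 0x400 under the ActiveX Compatibility key for the control's CLSID, which makes IE refuse to create the object. The PowerShell below is an added example for this page, not code or a workaround reproduced from the briefing. The CLSID on the usage line is a placeholder, not the identifier of any real control; take the real CLSIDs from the bulletin's workaround section. It assumes administrative rights and writes both the native and the Wow6432Node key on 64-bit Windows so that 32-bit and 64-bit IE are both covered.

```powershell
# Added example (not from the briefing): set the IE kill bit for an ActiveX
# control by CLSID. Writes Compatibility Flags |= 0x400 under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# and, on 64-bit Windows, the matching Wow6432Node key. Requires admin rights.

function Set-ActiveXKillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # CLSID of the control, braces included.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')]
        [string]$Clsid
    )

    $bases = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    # 32-bit IE on 64-bit Windows reads the Wow6432Node view, so set both.
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $bases += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }

    foreach ($base in $bases) {
        $key = Join-Path -Path $base -ChildPath $Clsid
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # OR the kill bit into whatever flags are already there rather than
        # overwriting them; a missing value reads as 0.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$current) -bor 0x400
        if ($PSCmdlet.ShouldProcess($key, ('Compatibility Flags = 0x{0:X}' -f $new))) {
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
        }
    }
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $key = Join-Path -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' -ChildPath $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (([int]$flags) -band 0x400) -ne 0
}

# Placeholder CLSID for illustration only; substitute the CLSIDs listed in the
# bulletin workaround. -WhatIf shows the keys that would be written.
$placeholder = '{00000000-0000-0000-0000-000000000000}'
Set-ActiveXKillBit -Clsid $placeholder -WhatIf
Test-ActiveXKillBit -Clsid $placeholder
```

The kill bit blocks instantiation by IE and by IE-hosting applications; it does not remove or patch the control, and applications that load the same OCX directly are unaffected, which is why it is a bridge to the update rather than a replacement for it.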

Microsoft Security Advisory: Update For Minimum Certificate Key Length
– Microsoft is announcing the availability of an update to Windows that restricts the use of weak RSA keys less than 1024 bits in length.
– The update is available on the Download Center as well as the Microsoft Update Catalog for all supported releases of Microsoft Windows.
– Microsoft is planning to release this update through Microsoft Update in October 2012.
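Before the key-length update reaches Microsoft Update, the practical question for an administrator is which certificates in the machine and user stores will stop chaining once RSA keys under 1024 bits are rejected. The PowerShell below is an added example for this page, not code from the advisory. It walks the Cert: drive and reports every certificate whose RSA public key is shorter than the threshold; it assumes Windows PowerShell (where PublicKey.Key returns the RSA provider object) and assumes nothing about which certificates are present.

```powershell
# Added example (not from the advisory): find certificates with RSA public keys
# shorter than 1024 bits in the LocalMachine and CurrentUser stores. Assumes
# Windows PowerShell; certificates with non-RSA keys are skipped.

function Find-WeakRsaCertificate {
    [CmdletBinding()]
    param(
        # Threshold the update enforces; lower it to audit against a different policy.
        [int]$MinimumBits = 1024,
        [string[]]$StoreRoot = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )

    foreach ($root in $StoreRoot) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            # -Recurse also yields store containers; keep only certificates.
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            Where-Object { $_.PublicKey.Oid.FriendlyName -eq 'RSA' } |
            ForEach-Object {
                $bits = $_.PublicKey.Key.KeySize
                if ($bits -lt $MinimumBits) {
                    New-Object PSObject -Property @{
                        # PSParentPath looks like ...Certificate::LocalMachine\Root
                        Store      = ($_.PSParentPath -replace '^.*::', '')
                        Subject    = $_.Subject
                        Issuer     = $_.Issuer
                        KeyBits    = $bits
                        NotAfter   = $_.NotAfter
                        Thumbprint = $_.Thumbprint
                    }
                }
            }
    }
}

Find-WeakRsaCertificate |
    Sort-Object KeyBits, NotAfter |
    Format-Table Store, KeyBits, NotAfter, Subject, Issuer -AutoSize
```

Expect hits in Root and intermediate stores of older systems as well as in self-signed test certificates; each one needs either replacement before the October Microsoft Update release or a documented decision to accept the failure.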

MS12-043: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (Re-release)
– Microsoft is rereleasing MS to offer the security updates for Microsoft XML Core Services 5.0 that were unavailable at the time of initial release.
– Customers running Microsoft XML Core Services 5.0 should apply the KB , KB , or KB update to be protected from the vulnerability described in this bulletin.
– Customers who have already successfully installed the updates originally offered on July 10, 2012 for Microsoft XML Core Services 3.0, 4.0, and 6.0 do not need to take any additional action for these versions.

Detection & Deployment (table)
Footnote 1: Yes for all except Windows XP Media Center 2005 and XP Tablet Edition 2005

Other Update Information (table)
Footnote 1: Uninstall is only possible on Host Integration Server, Commerce Server 2009 R2, and SQL Server 2000

Windows Malicious Software Removal Tool (MSRT)
During this release Microsoft will increase detection capability for the following families in the MSRT:
– Win32/Bafruz: A backdoor Trojan that allows unauthorized access and control of an affected computer.
– Win32/Matsnu: A Trojan that can perform certain actions based on instructions from a remote server. It also changes certain computer settings.
Available as a priority update through Windows Update or Microsoft Update.
Offered through WSUS 3.0 or as a download at:

The Security site on TechNet is changing!
In the coming months, the TechNet Security site will be updated to the Windows 8-style UI. Some of the highlights will include a modern look and feel, streamlined navigation, and easily discoverable security tools. Take a look at how these changes are already happening across TechNet.

Resources
Blogs
– Microsoft Security Response Center (MSRC) blog
– Security Research & Defense blog
– Microsoft Malware Protection Center blog
Twitter
Security Centers
– Microsoft Security Home Page
– TechNet Security Center
– MSDN Security Developer Center: us/security/default.aspx
Bulletins, Advisories, Notifications & Newsletters
– Security Bulletins Summary: ary.mspx
– Security Bulletins Search
– Security Advisories
– Microsoft Technical Security Notifications: mspx
– Microsoft Security Newsletter
Other Resources
– Update Management Process: e/patchmanagement/secmod193.mspx
– Microsoft Active Protection Program Partners: ners.mspx

Questions and Answers
– Submit text questions using the "Ask" button.
– Don't forget to fill out the survey.
– A recording of this webcast will be available within 48 hours on the MSRC Blog.
– Register for next month's webcast.
