Dial In Number 1-800-829-9747 Pin: 5453 Information About Microsoft June 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft Corporation.


Information About Microsoft June 2012 Security Bulletins. Presenters: Jonathan Ness, Security Development Manager, Microsoft Corporation; Dustin Childs, Group Manager, Response Communications, Microsoft Corporation.

Live Video Stream
To receive our video stream in LiveMeeting:
–Click on Voice & Video
–Click the drop down next to the camera icon
–Select Show Main Video

What We Will Cover
Review of June 2012 Bulletin Release Information
–New Security Bulletins
–Security Advisory
–KB: Automatic Updater of Revoked Certificates
–Microsoft Windows Malicious Software Removal Tool
Resources
Questions and Answers: Please Submit Now
–Submit Questions via Twitter #MSFTSecWebcast

Severity and Exploitability Index
[Chart: the month's bulletins plotted by Severity (Critical, Important, Moderate, Low) against Exploitability Index (1, 2, 3, DP). Bulletins shown: MS12-036 (Windows), MS12-037 (Internet Explorer), MS12-038 (.NET), MS12-039 (Lync), MS12-040 (Dynamics AX), MS12-041 (Windows), MS12-042 (Windows). The plotted positions did not survive extraction; the per-bulletin slides below give each CVE's severity and exploitability rating.]

Bulletin Deployment Priority

MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution ( )

  CVE (ID not captured)  Severity  Exploitability (latest / older)  Comment                Note
  CVE                    Critical  1 / 1                            Remote Code Execution  Cooperatively Disclosed

Affected Products: Windows Server 2003 SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows XP SP3, Windows Vista SP2, Windows 7
Affected Components: Remote Desktop Protocol
Deployment Priority: 1
Main Target: Terminal servers
Possible Attack Vector: A remote, unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RDP packets to the target system.
Impact of Attack:
–An attacker who successfully exploited this vulnerability on systems for which the issue is rated Critical could take complete control of the affected system.
–On platforms rated Moderate, exploitation would lead only to a denial of service.
Mitigating Factors: By default, the Remote Desktop Protocol is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Additional Information: Installations using Server Core are affected.

MS12-037: Cumulative Security Update for Internet Explorer ( ) – slide 1 of 2

  CVE (ID not captured)  Severity   Exploitability (latest / older)  Comment                 Note
  CVE                    Critical   N/A / 1                          Remote Code Execution   Cooperatively Disclosed
  CVE                    Important  3 / 3                            Information Disclosure  Cooperatively Disclosed
  CVE                    Moderate   N/A / N/A                        Information Disclosure  Cooperatively Disclosed
  CVE                    Important  3 / 3                            Information Disclosure  Cooperatively Disclosed
  CVE                    Important  1 / 3                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   N/A / 1                          Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   1 / 1                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   1 / 1                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   1 / 1                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   1 / 1                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   1 / 1                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Critical   1 / 1                            Remote Code Execution   Cooperatively Disclosed
  CVE                    Moderate   N/A / N/A                        Information Disclosure  Publicly Disclosed

MS12-037: Cumulative Security Update for Internet Explorer ( ) – slide 2 of 2

Of the 13 CVEs in this bulletin, 9 are Remote Code Execution and 4 are Information Disclosure.

Affected Products: Internet Explorer 6, 7, 8, 9 on all supported versions of Windows
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
–An attacker could host a specially crafted website designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website, or place a malicious ActiveX control in an application or Microsoft Office document. (nine CVEs)
–An attacker could host a specially crafted website designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (four CVEs)
Impact of Attack:
–An attacker successfully exploiting this issue could inflict a cross-site scripting attack on the user. (two CVEs)
–An attacker successfully exploiting this issue could gain access to and read IE's process memory. (one CVE)
–An attacker successfully exploiting this issue could view content from another domain or Internet Explorer zone. (one CVE)
–An attacker successfully exploiting this issue could execute arbitrary code in the context of the current user. (nine CVEs)
Mitigating Factors:
–By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone.
–An attacker has no way of forcing users to visit a maliciously constructed website.
–By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration.
–A targeted user must be convinced to open the Internet Explorer Developer Toolbar while visiting a malicious site. (one CVE)
Additional Information: Installations using Server Core on Windows Server 2008 or 2008 R2 are not affected.

MS12-038: Vulnerability in .NET Framework Could Allow Remote Code Execution ( )

  CVE (ID not captured)  Severity  Exploitability (latest / older)  Comment                Note
  CVE                    Critical  1 / 1                            Remote Code Execution  Cooperatively Disclosed

Affected Products: .NET Framework 2.0 SP2, .NET Framework 3.5.1, .NET Framework 4 on all supported editions of Microsoft Windows
Affected Components: .NET Framework
Deployment Priority: 2
Main Target: Servers and workstations
Possible Attack Vectors: An attacker could host a website that contains an XAML Browser Application (XBAP) used to exploit this vulnerability. Compromised websites, and websites that accept or host user-provided content or advertisements, could contain specially crafted content that could be used to exploit this vulnerability.
Impact of Attack:
–An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user.
–Code Access Security (CAS) bypass: an attacker could use this issue to bypass CAS restrictions.
Mitigating Factors:
–An attacker would have no way to force users to visit a malicious website.
–By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration.
–Standard .NET Framework applications are not affected by this issue.
Additional Information: This bulletin applies to .NET Framework 4 and .NET Framework 4 Client Profile, and to users of the .NET Framework 3.5 and 4.5 Windows Consumer Preview software.
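The mitigating factors cited for MS12-036 (RDP is not enabled by default) and for MS12-037 and MS12-038 (Internet Explorer on server SKUs runs in Enhanced Security Configuration) only reduce risk on a host where they actually hold, so a deployment priority decision should start by verifying them. The PowerShell below is an added example written for this transcript, not code from the webcast or from Microsoft. It reads the Terminal Server and IE ESC settings from their registry locations and checks whether the RDP listener is really open. It assumes it runs elevated on Windows Vista / Server 2008 or later with PowerShell 2.0+; the function and property names are the author's own. Network Level Authentication is reported as well; it is not a mitigating factor listed on the slides, but it belongs next to the RDP state in any inventory because it requires the client to authenticate before a session is set up.

```powershell
# Added example (not from the webcast): audit the mitigating factors the
# June 2012 bulletins rely on for RDP (MS12-036) and IE ESC (MS12-037/038).
# Assumes: elevated Windows PowerShell 2.0+ on Vista/Server 2008 or later.

function Test-RdpExposure {
    # fDenyTSConnections = 1 means Remote Desktop is disabled (the default state
    # the slide refers to); 0 means it has been enabled.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                           -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $enabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    # Listener settings: port (3389 unless changed) and NLA requirement.
    $rdpTcp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                               -ErrorAction SilentlyContinue
    $port = 3389
    if ($rdpTcp -ne $null -and $rdpTcp.PortNumber) { $port = [int]$rdpTcp.PortNumber }

    # Is the Terminal Services service up, and is the port really in LISTENING state?
    # netstat is used because Get-NetTCPConnection only exists on Windows 8 / Server 2012+.
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $pattern = ":{0}\s+\S+\s+LISTENING" -f $port
    $listening = [bool](netstat -an -p TCP | Select-String -Pattern $pattern -Quiet)

    New-Object PSObject -Property @{
        RdpEnabled     = $enabled
        ServiceRunning = ($svc -ne $null -and $svc.Status -eq 'Running')
        ListenerPort   = $port
        PortListening  = $listening
        # NLA is extra context, not a mitigation stated on the slide.
        NlaRequired    = ($rdpTcp -ne $null -and $rdpTcp.UserAuthentication -eq 1)
    }
}

function Test-IeEscEnabled {
    # IE Enhanced Security Configuration is tracked per audience under Active Setup.
    # These keys exist only on server SKUs; on a client both flags come back $false.
    $base = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    $admins = Get-ItemProperty -Path "$base\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -ErrorAction SilentlyContinue
    $users  = Get-ItemProperty -Path "$base\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        EscForAdministrators = ($admins -ne $null -and $admins.IsInstalled -eq 1)
        EscForUsers          = ($users  -ne $null -and $users.IsInstalled  -eq 1)
    }
}

$rdp = Test-RdpExposure
$esc = Test-IeEscEnabled

if ($rdp.RdpEnabled -and $rdp.PortListening) {
    Write-Warning ("Remote Desktop is enabled and listening on TCP {0}; the MS12-036 'RDP not enabled' mitigation does not apply here." -f $rdp.ListenerPort)
} else {
    Write-Output "Remote Desktop is not enabled or not listening; the MS12-036 'RDP not enabled' mitigation applies."
}
if (-not ($esc.EscForAdministrators -and $esc.EscForUsers)) {
    Write-Warning "IE Enhanced Security Configuration is off for at least one audience (or this is not a server SKU); do not count it as a mitigation for MS12-037/MS12-038."
}
$rdp | Format-List
$esc | Format-List
```

A host that reports RdpEnabled and PortListening both true is one of the "terminal servers" the slide names as the main target and should go to the top of the MS12-036 deployment list regardless of its role. The IE ESC check only tells you whether the restricted mode is on; a server where an administrator browses with ESC disabled for administrators loses that mitigation for both the IE and the XBAP vectors.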

MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution ( )

  CVE (ID not captured)  Severity   Exploitability (latest / older)  Comment                 Note
  CVE                    Important  3 / N/A                          Remote Code Execution   Publicly Disclosed
  CVE                    Important  3 / N/A                          Remote Code Execution   Cooperatively Disclosed
  CVE                    Important  1 / N/A                          Remote Code Execution   Cooperatively Disclosed
  CVE                    Important  3 / 3                            Information Disclosure  Cooperatively Disclosed

Affected Products: Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2010 Attendant (32- and 64-bit), Office Communicator 2007 R2
Affected Components: Lync
Deployment Priority: 2
Main Target: Workstations and servers
Possible Attack Vectors:
–An attacker could create content containing a specially crafted TrueType font used to exploit this vulnerability. (two CVEs)
–An attacker could exploit the vulnerability by sending a legitimate Microsoft Office file to a user, convincing the user to place the attachment into a directory containing a specially crafted DLL file, and then to open the legitimate file. (one CVE)
–In a network attack scenario, an attacker could place a legitimate Office file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file. (same CVE)
Impact of Attack:
–An attacker successfully exploiting this issue could take control of an affected system. (two CVEs)
–An attacker successfully exploiting this issue could run arbitrary code in the context of the current user. (one CVE)
–An attacker successfully exploiting this issue could perform cross-site scripting attacks against Lync or Microsoft Communicator users. (one CVE)
Mitigating Factors:
–Users whose accounts are configured to have fewer user rights on the system are less affected than users operating with administrative rights.
–The file sharing protocol, Server Message Block (SMB), is often disabled on the perimeter firewall.
–For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file from this location that is then loaded by a vulnerable application.
Additional Information:
–The update for Lync 2010 Attendee (user-level install) is available only via the Download Center.
–Though one of the vulnerabilities above has previously been exploited in limited, targeted attacks, the vector used in those attacks was addressed in MS11-087, and we have detected no use of this vector in attacks.
–One of the vulnerabilities addressed here is related to the class of vulnerabilities described in a Microsoft Security Advisory (number not captured in the transcript).

MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege ( )

  CVE (ID not captured)  Severity   Exploitability (latest / older)  Comment                 Note
  CVE                    Important  1 / N/A                          Elevation of Privilege  Cooperatively Disclosed

Affected Products: Microsoft Dynamics AX 2012 Enterprise Portal
Affected Components: Microsoft Dynamics AX Enterprise Portal
Deployment Priority: 2
Main Target: Workstations connecting to a Microsoft Dynamics AX Enterprise Portal server
Possible Attack Vectors: An attacker could exploit the vulnerability by hosting a website with a malicious page and convincing a targeted user to click a specially crafted URL.
Impact of Attack: An attacker who successfully exploited this vulnerability could read content that the attacker is not authorized to read, use the victim's identity to take actions on the Microsoft Dynamics AX Enterprise Portal site on behalf of the victim, or inject malicious content into the victim's browser.
Mitigating Factors:
–An attacker would have no way to force users to visit a malicious website.
–The vulnerability cannot be exploited automatically through email.
–Internet Explorer 8 and Internet Explorer 9 users browsing to a Microsoft Dynamics AX Enterprise Portal site in the Internet Zone are at reduced risk because, by default, the XSS Filter in Internet Explorer 8 and 9 prevents this attack in the Internet Zone. An Enterprise Portal site that sits in the Local intranet or Trusted sites zone, which is the usual placement for an internal portal, does not get this protection, because the XSS Filter is off in those zones by default.
Additional Information:
–Earlier versions of Microsoft Dynamics AX are not affected by this cross-site scripting issue.
–This update is available via the Download Center and via the Microsoft Dynamics CustomerSource and Microsoft Dynamics PartnerSource websites.

MS12-041: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege ( )

  CVE (ID not captured)  Severity   Exploitability (latest / older)  Comment                 Note
  CVE                    Important  1 / 1                            Elevation of Privilege  Cooperatively Disclosed
  CVE                    Important  1 / 1                            Elevation of Privilege  Cooperatively Disclosed
  CVE                    Important  1 / 1                            Elevation of Privilege  Cooperatively Disclosed
  CVE                    Important  1 / 1                            Elevation of Privilege  Cooperatively Disclosed
  CVE                    Important  N/A / 1                          Elevation of Privilege  Cooperatively Disclosed

Affected Products: All supported versions of Microsoft Windows
Affected Components: Kernel-Mode Drivers
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors: An attacker who is able to log on to the targeted system could run a specially crafted application that exploits the vulnerability.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Mitigating Factors: An attacker would require both valid logon credentials and the ability to log on locally to the targeted machine.
Additional Information: Installations using Server Core are affected.

MS12-042: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege ( )

  CVE (ID not captured)  Severity   Exploitability (latest / older)  Comment                 Note
  CVE                    Important  N/A / 1                          Elevation of Privilege  Publicly Disclosed
  CVE                    Important  1 / N/A                          Elevation of Privilege  Cooperatively Disclosed

Affected Products: Windows XP SP3, Windows Server 2003 SP2, Windows 7 x64, Windows 7 x64 SP1, Windows Server 2008 R2 x64, Windows Server 2008 R2 x64 SP1
Affected Components: User Mode Scheduler (one CVE) and BIOS ROM (the other CVE)
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors: To exploit either vulnerability, an attacker would have to log on to the system and then run a specially crafted application that exploits the vulnerability.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.
Mitigating Factors:
–An attacker must have valid logon credentials and be able to log on locally to exploit either vulnerability.
–User Mode Scheduler issue: only Intel x64-based versions of Windows 7 and Windows Server 2008 R2 are affected; systems with AMD- or ARM-based CPUs are unaffected.
Additional Information:
–Windows Server 2008 R2 and 2008 R2 SP1 installations using Server Core are affected.
–The BIOS ROM issue applies only to Windows XP and Windows Server 2003; the User Mode Scheduler issue applies only to Windows 7 and Windows Server 2008 R2. (The User Mode Scheduler exists only in the x64 editions of Windows 7 and Windows Server 2008 R2, which is why only those editions appear in the affected list for that CVE.)

Security Advisory: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
We are releasing a Security Advisory to address a vulnerability in Microsoft XML Core Services.
–The issue, if exploited, would permit remote code execution.
–The Security Advisory describes the issue in greater detail and provides a no-reboot Fix it that blocks the vector in Internet Explorer.
–We recommend that customers deploy EMET (the Enhanced Mitigation Experience Toolkit) for additional protection.
This advisory affects all supported versions of Windows as well as Office 2003 and 2007 and Microsoft SQL Server.
Please see the Security Advisory for more information.

KB: Automatic Updater of Revoked Certificates
Microsoft is improving the process by which customers interact with untrusted or compromised certificates and keys.
–In the past, we issued CRLs (Certificate Revocation Lists) and customers would update their systems manually.
–We are rolling out an automated process that will update Windows clients with no manual interaction on the part of customers. See the KB article for more information.
The KB makes this feature available to customers using Windows Vista SP2, Windows Server 2008 SP2, Windows 7, or Windows Server 2008 R2 SP1, and the feature is included in the Windows 8 Release Preview and the Windows Server 2012 Release Candidate.
In August, we will release a change to how Windows manages certificates that have RSA keys of less than 1024 bits in length. We will treat all of these certificates as invalid, even if they are currently valid and signed by a trusted certificate authority.
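Two things on this slide are worth checking on real machines before August: which certificates in the machine stores carry RSA keys shorter than 1024 bits (internal CAs, old device and code-signing certificates, and appliance certificates are the usual finds), and whether the automatic updater has actually populated the Disallowed (Untrusted Certificates) store. The PowerShell below is an added example written for this transcript, not code from the webcast or from Microsoft. It uses the Cert: provider, which is part of Windows PowerShell, and assumes read access to the LocalMachine stores. The registry value name used to read the last sync time is the author's assumption about where Windows records it and is treated as optional; the function names are the author's own.

```powershell
# Added example (not from the webcast): find RSA keys shorter than 1024 bits
# in the LocalMachine certificate stores, and show what the automatic updater
# has placed in the Disallowed store.
# Assumes: Windows PowerShell 2.0+ with the Cert: provider; read access to
# LocalMachine stores. DisallowedCertLastSyncTime is an assumed value name.

function Get-WeakRsaCertificate {
    param(
        [int]$MinimumBits = 1024,              # the August cut-off from the slide
        [string]$StoreRoot = 'Cert:\LocalMachine'
    )
    Get-ChildItem -Path $StoreRoot -Recurse |
        # -Recurse also returns the store containers; keep only certificates.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            $bits = $null
            # Only RSA keys are in scope; DSA/ECC certificates are skipped.
            if ($cert.PublicKey.Oid.FriendlyName -eq 'RSA') {
                try { $bits = $cert.PublicKey.Key.KeySize } catch { $bits = $null }
            }
            if ($bits -ne $null -and $bits -lt $MinimumBits) {
                New-Object PSObject -Property @{
                    Store      = ($cert.PSParentPath -replace '^.*::', '')
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
}

function Get-DisallowedCertificate {
    # "Disallowed" is the store the Automatic Updater of Revoked Certificates feeds.
    Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Select-Object Subject, Thumbprint, NotAfter
}

function Get-DisallowedCertSyncTime {
    # Assumed location/value name: the updater keeps its last successful sync
    # as a FILETIME under the AuthRoot AutoUpdate key. Returns $null if absent.
    $key = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -eq $null -or -not $p.DisallowedCertLastSyncTime) { return $null }
    try {
        return [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($p.DisallowedCertLastSyncTime, 0))
    } catch {
        return $null
    }
}

$weak = @(Get-WeakRsaCertificate)
Write-Output ("{0} certificate(s) with RSA keys shorter than 1024 bits found in LocalMachine stores." -f $weak.Count)
$weak | Sort-Object Store, KeyBits | Format-Table Store, KeyBits, NotAfter, Subject -AutoSize

$disallowed = @(Get-DisallowedCertificate)
$sync = Get-DisallowedCertSyncTime
Write-Output ("Disallowed store entries: {0}; last disallowed-certificate sync: {1}" -f $disallowed.Count, $(if ($sync) { $sync } else { 'unknown' }))
```

Run it per machine (or push it through your management tooling) rather than only on a domain controller: the weak-key problem is in whatever chain a given host trusts, and the Disallowed store is populated on each client by the updater, so a host that never reaches the update service will show a stale or empty list even though the rest of the estate is current. Anything the first function reports that is still in use needs reissuing with a 1024-bit or longer key before the August change ships, since after that Windows will reject the chain even though the certificate is otherwise valid.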

Detection & Deployment
[Detection and deployment table not captured in the transcript; only its footnotes survive.]
** Available via the Download Center and the Microsoft Dynamics CustomerSource and Microsoft Dynamics PartnerSource websites.
*** Except for Microsoft Lync 2010 Attendee (user-level install), which is available only via the Download Center.

Other Update Information

Windows Malicious Software Removal Tool (MSRT)
During this release Microsoft will increase detection capability for the following families in the MSRT:
–Win32/Cleaman: a malicious program lacking the ability to propagate on its own, Cleaman can perform a variety of actions on an infected machine as directed by a remote attacker.
–Win32/Kuluoz: this trojan takes instructions from remote servers and is known in particular to download variants of Trojan:Win32/FakeSysdef, a fake security scanner.
Available as a priority update through Windows Update or Microsoft Update.
Offered through WSUS 3.0 or as a standalone download.

Resources
Blogs
–Microsoft Security Response Center (MSRC) blog
–Security Research & Defense blog
–Microsoft Malware Protection Center blog
Twitter
Security Centers
–Microsoft Security Home Page
–TechNet Security Center
–MSDN Security Developer Center
Bulletins, Advisories, Notifications & Newsletters
–Security Bulletins Summary
–Security Bulletins Search
–Security Advisories
–Microsoft Technical Security Notifications
–Microsoft Security Newsletter
Other Resources
–Update Management Process
–Microsoft Active Protection Program Partners

Questions and Answers
Submit text questions using the "Ask" button.
Don't forget to fill out the survey.
A recording of this webcast will be available within 48 hours on the MSRC Blog.
Register for next month's webcast.
