Posted by: Pez
« on: 11. July 2012., 09:50:14 »
Microsoft Security Bulletin Summary for July 2012
MS12-043
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.
Critical
Remote Code Execution
May require restart
Microsoft Windows, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software
MS12-044
Cumulative Security Update for Internet Explorer (2719177)
This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Internet Explorer
MS12-045
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Critical
Remote Code Execution
May require restart
Microsoft Windows
MS12-046
Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
This security update resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important
Remote Code Execution
May require restart
Microsoft Office, Microsoft Developer Tools
MS12-047
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Important
Elevation of Privilege
Requires restart
Microsoft Windows
MS12-048
Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file or directory with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important
Remote Code Execution
Requires restart
Microsoft Windows
MS12-049
Vulnerability in TLS Could Allow Information Disclosure (2655992)
This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. All cipher suites that do not use CBC mode are not affected.
Important
Information Disclosure
Requires restart
Microsoft Windows
MS12-050
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Important
Elevation of Privilege
May require restart
Microsoft Office, Microsoft Server Software
MS12-051
Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
This security update resolves one publicly disclosed vulnerability in Microsoft Office for Mac. The vulnerability could allow elevation of privilege if a malicious executable is placed on an affected system by an attacker, and then another user logs on later and runs the malicious executable. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Important
Elevation of Privilege
Does not require restart
Microsoft Office