Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Information | |||
---|---|---|---|
Name | TA12-073A | First vendor Publication | 2012-03-13 |
Vendor | US-CERT | Last vendor Modification | 2012-03-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
There are multiple vulnerabilities in Microsoft Windows, Microsoft Visual Studio, and Microsoft Expression Design. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for March 2012 describes multiple vulnerabilities in Microsoft Windows, Microsoft Visual Studio, and Microsoft Expression Design. Microsoft has released updates to address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA12-073A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14217 | |||
Oval ID: | oval:org.mitre.oval:def:14217 | ||
Title: | PostMessage Function Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0157 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:14623 | |||
Oval ID: | oval:org.mitre.oval:def:14623 | ||
Title: | Remote Desktop Protocol Vulnerability | ||
Description: | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0002 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:14626 | |||
Oval ID: | oval:org.mitre.oval:def:14626 | ||
Title: | Terminal Server Denial of Service Vulnerability | ||
Description: | The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0152 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:14973 | |||
Oval ID: | oval:org.mitre.oval:def:14973 | ||
Title: | Expression Design Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0016 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Expression Design 1 Microsoft Expression Design 2 Microsoft Expression Design 3 Microsoft Expression Design 4 |
Definition Id: oval:org.mitre.oval:def:15081 | |||
Oval ID: | oval:org.mitre.oval:def:15081 | ||
Title: | Visual Studio Add-In Vulnerability | ||
Description: | Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0008 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visual Studio 2008 Microsoft Visual Studio 2010 |
Definition Id: oval:org.mitre.oval:def:15098 | |||
Oval ID: | oval:org.mitre.oval:def:15098 | ||
Title: | DNS Denial of Service Vulnerability | ||
Description: | The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0006 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
SAINT Exploits
Description | Link |
---|---|
Microsoft Expression Design wintab32.dll Library Loading | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2013-07-09 | Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671... File : nvt/secpod_ms12-020_remote.nasl |
2012-03-14 | Name : Microsoft Windows DNS Server Denial of Service Vulnerability (2647170) File : nvt/secpod_ms12-017.nasl |
2012-03-14 | Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653) File : nvt/secpod_ms12-018.nasl |
2012-03-14 | Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671... File : nvt/secpod_ms12-020.nasl |
2012-03-14 | Name : Microsoft Visual Studio Privilege Elevation Vulnerability (2651019) File : nvt/secpod_ms12-021.nasl |
2012-03-14 | Name : Microsoft Expression Design Remote Code Execution Vulnerability (2651018) File : nvt/secpod_ms12-022.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-03-15 | IAVM : 2012-A-0038 - Microsoft Expression Design Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031884 |
2012-03-15 | IAVM : 2012-A-0039 - Multiple Vulnerabilities in Microsoft Remote Desktop Protocol Severity : Category I - VMSKEY : V0031885 |
2012-03-15 | IAVM : 2012-A-0040 - Microsoft Windows DNS Server Denial of Service Vulnerability Severity : Category I - VMSKEY : V0031886 |
2012-03-15 | IAVM : 2012-A-0042 - Microsoft Visual Studio Elevation of Privilege Vulnerability Severity : Category II - VMSKEY : V0031891 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows RemoteDesktop connect-initial pdu remote code execution att... RuleID : 21619 - Revision : 5 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows RemoteDesktop connect-initial pdu remote code execution att... RuleID : 21592 - Revision : 2 - Type : EXPLOIT |
2014-01-10 | Microsoft Windows Visual Studio .addin file access RuleID : 21576 - Revision : 6 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows RemoteDesktop connect-initial pdu remote code execution att... RuleID : 21572 - Revision : 5 - Type : EXPLOIT |
2014-01-10 | Microsoft Windows RemoteDesktop connect-initial pdu remote code execution att... RuleID : 21571 - Revision : 5 - Type : EXPLOIT |
2014-01-10 | Microsoft Windows RemoteDesktop new session flood attempt RuleID : 21570 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows RDP RST denial of service attempt RuleID : 21568 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Expression Design wintab32.dll dll-load exploit attempt RuleID : 21567 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Expression Design request for wintab32.dll over SMB attempt RuleID : 21566 - Revision : 11 - Type : OS-WINDOWS |
2014-01-10 | excessive outbound NXDOMAIN replies - possible spoof of domain run by local D... RuleID : 13949 - Revision : 17 - Type : PROTOCOL-DNS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-03-05 | Name : The DNS server running on the remote host is susceptible to a denial of servi... File : ms_dns_kb2647170.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Windows host is susceptible to a denial of service attack. File : smb_nt_ms12-017.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Windows kernel is affected by a privilege escalation vulnerability. File : smb_nt_ms12-018.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Windows host could allow arbitrary code execution. File : smb_nt_ms12-020.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Windows host contains a development application that is affected b... File : smb_nt_ms12-021.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The Microsoft Expression Design install on the remote Windows host could allo... File : smb_nt_ms12-022.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-03-07 13:21:06 |