Internet Security Systems - AlertCon(TM)

August 2012 Microsoft Super Tuesday

Posted by Shane Garrett on August 14, 2012 at 2:24 PM EDT.

Two of the bulletins addressed this month by Microsoft are remote code exploitation attacks that have either seen active exploitation (MSCOMCTL) or have public proof of concepts available (Exchange).  In addition to these two bulletins we've also given a summary of the other bulletins rated Critical. 

  • MS12-060 : Vulnerability in Windows Common Controls Could Allow Remote Code Execution

    Another bug in the Microsoft Common Control library (MSCOMCTL) that can be leveraged for remote code execution was addressed in this update.  Earlier in April of this year, Microsoft released MS12-027 which addressed a similar problem in the same library.  Both this vulnerability and the previous one have seen active exploitation.  Since MSCOMCTL is a COM/ActiveX control, it can be embedded in web pages or common document formats such as DOC, XLS or RTF.  Due to the active exploitation of this vulnerability and the large attack surface, it should be patched immediately.


  • MS12-058 : Vulnerability in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution

    This bulletin addresses a number of remote code execution vulnerabilities that affect Microsoft Exchange.  These are due to the Outlook Web App's (OWA) WebReady Document Viewing feature which uses Oracle's Outside-In technology to render some types of file formats.  An attacker could email a malicious file to a victim who then views it over OWA.  This could lead to attacker supplied code running on the server in the context of the Local System account.  These issues were originally fixed in Oracle's July 2012 Critical Update and are now being updated in Exchange.  More specifically, these vulnerabilities were in the code responsible for parsing the .VSD, .WSD, .JP2, .DOC, .SXD, .LWP, .PCX, .SXI, .DPT, .PDF, .SAM, .ODG, and .CDR file formats.  Public proof-of-concept exploits for some of the file formats are available so this update should be applied immediately.


  • MS12-053 : Vulnerability in Remote Desktop Could Allow Remote Code Execution

    One privately reported vulnerability in the Remote Desktop Protocol (RDP) was addressed in this update.  This vulnerability can be exploited for remote code execution by an attacker sending specially crafted packets to the victim's machine running  RDP.  Although RDP isn't enabled by default on Windows OSes, it is often enabled on high priority servers in order to remotely administer them.  This update should be applied to all systems.


  • MS12-052 : Cumulative Security Update for Internet Explorer

    Four privately reported vulnerabilities in Internet Explorer were addressed in this update.  All of them can be exploited for remote code execution in the context of the current user by viewing a malicious web page.  One of the vulnerabilities is in the JavaScript engine itself, which is also separately addressed in MS12-056.  Due to the potential for exploit the update for Internet Explorer should be applied to all systems.


  • MS12-054 : Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution

    Four privately reported vulnerabilities in various Windows networking components were addressed in this update. Three of the issues were in the remote administration protocol, two of which could be leverage for remote code access; the other is a denial-of-service. The print spooler service was also affected by a remote code execution vulnerability. An attacker could exploit these vulnerabilities by sending specially crafted packets to the affected services. Due to the severity of these issues the update should be immediately applied.


Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.