Secplicity - Security Simplified

Powered by WatchGuard Technologies

Three Critical Windows and .NET Bulletins

November 13, 2012 By Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: All current versions of Windows and the .NET Framework
  • How an attacker exploits them: Multiple vectors of attack, including enticing users to view malicious fonts or to open specially crafted Briefcase folders
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released three security bulletins describing ten vulnerabilities that affect Windows and components that often ship with it, such as the .NET Framework. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical ones – as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS12-072: Two Windows Briefcase Memory Corruption Flaws

Briefcase is a Windows feature that allows you to keep files on two computers in sync by placing them in a special “briefcase” folder. Unfortunately, Briefcase suffers from two memory corruption flaws: an integer overflow and an integer underflow vulnerability. By enticing one of your users to open a maliciously crafted Briefcase folder, an attacker could exploit these flaws to execute code on that user’s computer, with that user’s level of privilege. Since most Windows users have local administrative rights, this typically means the attacker gains complete control of the victim computer.

Microsoft rating: Critical
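
To show why integer overflow and underflow count as memory corruption flaws, here is an added C example (not Briefcase's code and not from the bulletin; the record layout, field names and function names are hypothetical). It shows how size arithmetic on untrusted header fields wraps, and the checks a parser needs before it allocates or copies.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record header read from an untrusted file. */
struct rec_hdr {
    uint32_t count;      /* number of entries that follow        */
    uint32_t entry_size; /* size of each entry in bytes          */
    uint32_t total_len;  /* record length, including this header */
};
#define HDR_LEN ((uint32_t)sizeof(struct rec_hdr))

/* Unchecked arithmetic, kept only to expose the wrapped values. */
uint32_t naive_alloc_size(const struct rec_hdr *h) {
    return h->count * h->entry_size;   /* overflow: wraps modulo 2^32 */
}
uint32_t naive_payload_len(const struct rec_hdr *h) {
    return h->total_len - HDR_LEN;     /* underflow when total_len < HDR_LEN */
}

/* Checked form: rejects any header whose sizes do not add up. */
bool checked_sizes(const struct rec_hdr *h, size_t file_len, uint32_t *payload) {
    if (h->total_len < HDR_LEN || h->total_len > file_len)
        return false;                  /* would underflow, or run past the file */
    uint32_t avail = h->total_len - HDR_LEN;   /* safe after the check above */
    if (h->entry_size == 0 || h->count > avail / h->entry_size)
        return false;                  /* count * entry_size exceeds avail or wraps */
    *payload = h->count * h->entry_size;       /* bounded by avail, cannot wrap */
    return true;
}

int main(void) {
    /* Constructed sample headers for a 64-byte file. */
    struct rec_hdr wrap  = { 0x40000001u, 4, 64 };
    struct rec_hdr under = { 1, 4, 8 };
    struct rec_hdr good  = { 10, 4, 52 };
    uint32_t p = 0;
    printf("naive alloc size:  %u\n", (unsigned)naive_alloc_size(&wrap));
    printf("naive payload len: %u\n", (unsigned)naive_payload_len(&under));
    printf("wrap accepted:  %d\n", checked_sizes(&wrap, 64, &p));
    printf("under accepted: %d\n", checked_sizes(&under, 64, &p));
    printf("good accepted:  %d (payload %u)\n",
           checked_sizes(&good, 64, &p), (unsigned)p);
    return 0;
}
```

The unchecked results (a 4-byte allocation for over a billion entries, and a payload length near 4 GB) are the kind of values that turn a later copy into an out-of-bounds write; the checked form rejects both headers before any buffer is sized.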

  • MS12-074: Multiple .NET Framework Vulnerabilities

The .NET Framework is a software framework used by developers to create new Windows and web applications. Though it only ships by default with Windows Vista, you’ll find it on many Windows computers since it is essential to many applications.

The .NET Framework component suffers from five new security vulnerabilities. The flaws differ greatly in scope and impact, and include an information disclosure issue, some elevation of privilege flaws, and a few remote code execution vulnerabilities. If an attacker has access to your local network and can perform an ARP poisoning attack, he can exploit one of the worst vulnerabilities (in WPAD) to execute code on your Windows computers, with the local user’s privileges. If the user has local administrator privileges, the attacker gains full control of the computer. In short, if you have installed the .NET Framework on your Windows computers, you should update it as soon as possible.

Microsoft rating: Critical

  • MS12-075: Kernel-Mode Driver Elevation of Privilege Flaw

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from two elevation of privilege flaws and a remote code execution flaw. By enticing one of your users to view a specially crafted font, perhaps hosted at a malicious web site, an attacker could leverage the worst of these flaws to gain complete, kernel-level control of your computer.

Microsoft rating: Critical

Solution Path:

Microsoft has released Windows patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate Windows patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these updates for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find the various updates:

  • MS12-072
  • MS12-074
  • MS12-075

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute.

More specifically, our IPS signature team has developed new signatures, which can detect and block attempts to exploit many of these new Windows-related vulnerabilities:

  • EXPLOIT Microsoft Web Proxy Auto-Discovery Vulnerability (CVE-2012-4776)
  • EXPLOIT .NET Framework Insecure Library Loading -1 (CVE-2012-2519)
  • EXPLOIT .NET Framework Insecure Library Loading -2 (CVE-2012-2519)
  • EXPLOIT Windows Font Parsing Vulnerability (CVE-2012-2897)
  • EXPLOIT Microsoft Windows Briefcase Integer Underflow Vulnerability (CVE-2012-1527)
  • EXPLOIT Microsoft Windows Briefcase Integer Overflow Vulnerability (CVE-2012-1528)

Your appliance should get this new IPS update shortly.

Nonetheless, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

  • Microsoft Security Bulletin MS12-072
  • Microsoft Security Bulletin MS12-074
  • Microsoft Security Bulletin MS12-075

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


Filed Under: Security Bytes Tagged With: ARP Poisoning, elevation of Privilege, IPS, Kernel-mode drivers, Microsoft, RCE, Updates and patches, Windows 8, Windows RT, WPAD

Comments

  3. adzic.hr says

    April 26, 2014 at 10:53 am

    Hi there! This is kind of off topic but I need some guidance from an established blog.
    Is it very difficult to set up your own blog? I’m not very technical but I can figure things
    out pretty quick. I’m thinking about creating my own but I’m not sure where to begin.
    Do you have any points or suggestions? Many thanks

    Reply
  5. Danilo says

    August 17, 2014 at 10:08 pm

    I know this web site presents quality based articles or reviews and extra information, is there any other site which presents these kinds of stuff in quality?

    Reply
