Nullcode Hunting Security Bugs

We can help you, if you need to reduce the Risk...

  • Aumentar fuente
  • Fuente predeterminada
  • Disminuir fuente
Looking for bugs ,Auditing Cod3

+12 Years working on Security Information!

Sábado, 19 de Marzo de 2011 22:16 thomassofia
E-mail Imprimir PDF

My name is Ivan Sanchez , I've been working on security subjects since 1998 for companies below mentioned

Esta dirección electrónica esta protegida contra spam bots. Necesita activar JavaScript para visualizarla

http://www.linkedin.com/in/nullcode

  • Engineer Degree
  • ITIL Certified
  • Auditor Code /CMMI
  • CISM

The project Nullcode Services  started to work in 2004,reporting vulnerabilties , auditing code,looking for bugs into the code and so on, offering Security Services. Recently, We have started to work in the second project reporting vulnerabilities www.evilcode.com.ar

Working for:


* Telecom Group

* Velocom ISP

* Core Technologies

* Phillips Morris International Services

* Monsanto Company

* Logistic Group

* Governance


 

 

Última actualización el Sábado, 13 de Agosto de 2011 19:28  
  • Well Websecurify Runs on The iPhone
    This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too. The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]
  • Stuxnet
    I have been avoiding the topic about Stuxnet for quite some time, mainly because there were many others who spent the time to take the virus apart. However, here is a video, which I find rather amusing: Wether this is the real deal or simply fear mongering, I simply don’t know. It is all speculations at the moment. [...]
  • Having fun with BeEF, the browser exploitation framework
    We haven’t featured any guest bloggers in a while, but we’re glad to be featuring Chirstian Frichot this month! Christian is a security professional based in Perth, Western Australia. He’s currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]
  • ColdFusion directory traversal FAQ (CVE-2010-2861)
    A new Adobe hotfix for ColdFusion has been released recently. The vulnerability which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ bellow is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]
  • 1ST European Edition of HITB Coming Up!
    In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]
  • Hacking Linksys IP Cameras (pt 6)
    This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here. As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]
  • Dnsmap v0.30 is now out!
    After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]
  • Old-school Remote Command Exec Vulnerabilities on Avaya Intuity
    Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX. These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]
  • Skydive
    What is the best way to spend a quiet, weekend afternoon? – Jump off a perfectly working plane while 10,000 feet in the air. On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. [...]
  • Free Web Application Security Testing Tool
    Automated Web Application Security Testing tools are in the core of modern penetration testing practices. You cannot rely 100% on the results they produce, without considering seriously their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetrating testing equipment. These tools are not unfamiliar to modern day penetration testers. [...]
  • Of Sec Cons and Magstripe Gift Cards
    I’ve been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me, that’s hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late. I’ve been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London. pdp has also been busy presenting at AusCERT2009. [...]
  • CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept
    I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]
  • Hacking Linksys IP Cameras (pt 5)
    This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4). Mounting the filesystem on your workstation There are many ways to mount the camera’s filesystem using the firmware binary. In this post, we’ll explain one way to mount firmware version v1.00R24 which is the latest available for the WVC54GCA model. [...]
  • Breaking Into a Home With an iPhone
    This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch. Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. [...]
  • Extensions at War
    Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscations in order to cripple the Adblock Plus functionalities. This attack was a response to Adblock Plus blocking NoScript ads which you see when you upgrade the extension, which as you know happens quite regularly, don’t know why. [...]
  • Exploit Sweatshop
    When I was playing/introducing the partial disclosure practice an year and something ago, I did get contacted by numerous dodgy characters willing to buy yet undisclosed vulnerabilities for substantial amount of money. Of course, requests of that nature were kindly ignored. I couldn’t believe that someone was willing to give me so much money for something I virtually spent 2-3 hours maximum to produce. [...]
  • Jeriko Group and Source Code Repository
    Jeriko moved in its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it. The version inside the new code repository is very different from the version you’ve seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (wrapper around bash) which does the heavily lifting and also introduces some funky programming mechanisms. [...]
  • Hacking Linksys IP Cameras (pt 4)
    This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3). There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]
  • Hacking Linksys IP Cameras (pt 3)
    This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2). Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful to break into the device as you need access to the admin account to exploit them. [...]
  • Hacking Linksys IP Cameras (pt 2)
    This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1). Privilege escalation via arbitrary file retrieval The second vulnerability I’ll be releasing is an arbitrary(ish) file retrieval vulnerability. It’s not fully arbitrary because you can only retrieve the contents of files located within the same directory where the vulnerable CGI program is located. [...]

SAP Security & Compliance

Bugs-Issues-Mistakes

CoreLabs IT Security Research: Vulnerability Advisories
CoreLabs regularly publishes security advisories about vulnerabilities we discovered or found collaboratively with other IS professionals.
  • Windows Kernel ReadLayoutFile Heap Overflow
    May 8th - Nicolas Economou
    There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.
  • SAP Netweaver Dispatcher Multiple Vulnerabilities
    May 8th - Martin Gallo
    Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions.
  • Apple OS X Sandbox Predefined Profiles Bypass
    November 10th - Anibal Sacco and Matias Eissler
    Several of the default pre-defined sandbox profiles don't properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality.
  • Adobe Shockwave Player TextXtra.x32 vulnerability
    November 8th - Pablo Santamaria
    A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file.
  • e107 CMS Script Command Injection
    October 24th - Matt Bergin and Matias Blanco
    When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested.
  • Microsoft Publisher 2007 Pubconv.dll Memory Corruption
    October 12th - Daniel Kazimirow
    A vulnerability has been found in Microsoft Publisher 2007, that can be leveraged by an attacker to execute arbitrary code by enticing users to insert a specially-crafted .pub file into a document.
  • Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
    14th September - Matias Blanco
    The authentication process of ServiceDesk Plus obfuscates user passwords using a trivial and symmetrical algorithm in Javascript code with no secret. Given that user passwords are locally stored in user cookies and having the Javascript code to encrypt and decrypt passwords in a .js file, the authentication process of SDP can be bypassed allowing an attacker to get usernames+passwords of registered users. Additionally, a cross site scripting vulnerability related to search functions was found.
  • MS WINS ECommEndDlg Input Validation Error
    12th September - Nicolas Economou
    A security vulnerability was discovered in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user receives a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally in order to exploit this vulnerability.
  • HP Data Protector EXEC_CMD Buffer Overflow Vulnerability
    29th June - Nahuel C. Riva
    A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code.
  • Multiple vulnerabilities in HP Data Protector
    29th June - Oren Isacson
    Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions.
  • IBM WebSphere Application Server Cross-Site Request Forgery
    June 15th - Francisco Falcon y Alejandro Rodriguez
    The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console.
  • MS HyperV Persistent DoS Vulnerability
    14th June - Nicolas Economou
    A security vulnerability was found in the driver vmswitch.sys, associated to the Windows Hypervisor subsystem, allowing an authenticated local DoS. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The impact is all guests on that host became non-responsive.
  • Lotus Notes XLS viewer malformed BIFF record heap overflow
    May 24th - Pablo Santamaria, Oren Isacson and Nadia Rodriguez
    A memory corruption vulnerability in the Lotus Notes client application can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the .XLS extension.
  • Adobe Audition vulnerability processing malformed session file
    May 12th - Diego Juárez, Eduardo Koch and Laura Balián
    Adobe audition is vulnerable to numerous buffer overflows while parsing several fields inside the TRKM chunk on session (.ses) files. Then, a memory corruption can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted session files.
  • Oracle GlassFish Server Administration Console Authentication Bypass
    May 11th - Francisco Falcón
    The Administration Console in Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making TRACE requests against the Administration Console.

Patching the System

Microsoft Security Bulletins
Microsoft Security Bulletins
  • MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.1
    Severity Rating: Critical
    Revision Note: V1.1 (May 16, 2012): Added a link to Microsoft Knowledge Base Article 2681578 under Known Issues in the Executive Summary. Also added Microsoft .NET Framework 1.1 Service Pack 1 to the Non-Affected Software table and corrected the update replacement information for Microsoft Office. These were informational changes only. There were no changes to the security update files or detection logic.
    Summary: This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
  • MS12-035 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) - Version: 2.0
    Severity Rating: Critical
    Revision Note: V2.0 (May 11, 2012): Added an entry to the update FAQ to communicate that security update KB2656353 addresses the vulnerabilities described in this bulletin for all supported systems running Microsoft .NET Framework 1.1 Service Pack 1, except when installed on Windows Server 2003 Service Pack 2. There were no changes to the security update files. Customers who have successfully installed the update do not need to take any action.
    Summary: This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.4
    Severity Rating: Critical
    Revision Note: V1.4 (May 11, 2012): Added entry to the update FAQ to announce that KB2656353, offered in this bulletin, also addresses CVE-2012-0160 and CVE-2012-0161, which are documented in MS12-035.
    Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.
  • MS12-030 - Important : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (May 9, 2012): Removed erroneous reference to known issues from the Executive Summary and updated the title of CVE-2012-1847.
    Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-032 - Important : Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (May 9, 2012): Corrected mitigating factors for CVE-2012-0174 and CVE-2012-0179 in the Vulnerability Information section.
    Summary: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
  • MS12-029 - Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) - Version: 1.1
    Severity Rating: Critical
    Revision Note: V1.1 (May 9, 2012): Corrected update replacement information for Microsoft Office Compatibility Pack Service Pack 2. This is a bulletin change only. There were no changes to detection logic or security update files.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-031 - Important : Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (May 8, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-033 - Important : Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (May 8, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
  • MS12-027 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) - Version: 2.0
    Severity Rating: Critical
    Revision Note: V2.0 (April 26, 2012): Added Service Pack 1 versions of SQL Server 2008 R2 to the Affected Software and added an entry to the update FAQ to explain which SQL Server 2000 update to use based on version ranges. These are informational changes only. There were no changes to the security update files or detection logic. For a complete list of changes, see the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update.
    Summary: This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.
  • MS12-028 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (April 25, 2012): Added an entry to the update FAQ to explain why this update is offered to customers running Microsoft Office 2007 Service Pack 3.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-017 - Important : Vulnerability in DNS Server Could Allow Denial of Service (2647170) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (April 18, 2012): Added a link to Microsoft Knowledge Base Article 2647170 under Known Issues in the Executive Summary and corrected the bulletin replacement information for Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, and Windows Server 2003 with SP2 for Itanium-based Systems. This is a bulletin change only. There were no changes to the detection.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server.
  • MS12-026 - Important : Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (April 18, 2012): Corrected the bulletin replacement information for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1. This is a bulletin change only. There were no changes to the detection or security update files.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The more severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted query to the UAG server.
  • MS12-025 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) - Version: 1.1
    Severity Rating: Critical
    Revision Note: V1.1 (April 13, 2012): Added a link to Microsoft Knowledge Base Article 2671605 under Known Issues
    Summary: This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
  • MS12-023 - Critical : Cumulative Security Update for Internet Explorer (2675157) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (April 10, 2012): Bulletin published.
    Summary: This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-024 - Critical : Vulnerability in Windows Could Allow Remote Code Execution (2653956) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (April 10, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.
  • MS12-022 - Important : Vulnerability in Expression Design Could Allow Remote Code Execution (2651018) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (March 14, 2012): Removed erroneous installation switch option descriptions from the Security Update Deployment tables for all supported releases. This is an informational change only. There were no changes to the detection logic or the update files.
    Summary: This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Expression Design could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .xpr or .DESIGN file) from this location that is then loaded by a vulnerable application.
  • MS10-058 - Important : Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) - Version: 2.0
    Severity Rating: Important
    Revision Note: V2.0 (March 13, 2012): Revised bulletin to announce a detection change that removes MS10-029 as the replaced bulletin for all supported editions of Windows Vista and Windows Server 2008. For more information, see the related entry in the update FAQ.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • MS12-021 - Important : Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (March 13, 2012): Bulletin published.
    Summary: This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  • MS11-030 - Critical : Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) - Version: 1.1
    Severity Rating: Critical
    Revision Note: V1.1 (March 13, 2012): Added a link to Microsoft Knowledge Base Article 2509553 under Known Issues in the Executive Summary.
    Summary: This security update resolves a privately reported vulnerability in Windows DNS resolution. The vulnerability could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the LLMNR ports should be blocked from the Internet.
  • MS12-018 - Important : Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (March 13, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
  • MS12-020 - Critical : Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (March 13, 2012): Bulletin published.
    Summary: This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
  • MS12-019 - Moderate : Vulnerability in DirectWrite Could Allow Denial of Service (2665364) - Version: 1.0
    Severity Rating: Moderate
    Revision Note: V1.0 (March 13, 2012): Bulletin published.
    Summary: This security update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. The target application could become unresponsive when DirectWrite renders the specially crafted sequence of Unicode characters.
  • MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version: 4.3
    Severity Rating: Important
    Revision Note: V4.3 (March 13, 2012): Added an entry to the update FAQ to announce a detection change for KB2565063 and KB2565057 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
    Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.
  • MS11-067 - Important : Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (March 13, 2012): Added an entry to the update FAQ to announce a detection change for KB2548826 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.
  • MS11-088 - Important : Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (February 22, 2012): Clarified product support status for Microsoft Office Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New Experience Style 2010. These versions of Microsoft Office Pinyin are no longer supported. Microsoft recommends that all customers of these versions upgrade to the latest version of Microsoft Pinyin IME 2010 available through Microsoft Office 2010. See update FAQ for details.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
  • MS12-001 - Important : Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (February 22, 2012): Added a link to Microsoft Knowledge Base Article 2644615 under Known Issues in the Executive Summary.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
  • MS11-089 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (February 22, 2012): Revised the bulletin to identify the update package KB numbers for the following non-affected software that this update applies to: Microsoft Visio (KB2553374), Microsoft Visio Viewer (KB2553353), Microsoft Office Web Application Companions (WAC) (KB2553153), and Microsoft SharePoint Server 2010 (KB2553132). See the update FAQ for details.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-014 - Important : Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (February 22, 2012): Added a link to Microsoft Knowledge Base Article 2661637 under Known Issues in the Executive Summary.
    Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-016 - Critical : Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (February 15, 2012): Removed erroneous reference to known issues from the Executive Summary.
    Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.4
    Severity Rating: Important
    Revision Note: V2.4 (February 15, 2012): Corrected the SQL Server Version Range for SQL Server 2008 R2 in the update FAQ.
    Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
  • MS12-010 - Critical : Cumulative Security Update for Internet Explorer (2647516) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-008 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
  • MS12-015 - Important : Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-011 - Important : Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.
  • MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-009 - Important : Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
  • MS12-012 - Important : Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-098 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (February 1, 2012): Added a link to Microsoft Knowledge Base Article 2633171 under Known Issues in the Executive Summary.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  • MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (January 27, 2012): Corrected the aggregate severity rating for the KB2631813 update package in the Affected Software table for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This is a bulletin change only. There were no changes to the security update files or detection logic. Customers should apply all update packages offered for the software installed on their systems. See the update FAQ for details.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (January 18, 2012): Added MS10-085 as a bulletin replaced by the KB2585542 update for Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems. This is an informational change only. There were no changes to the detection logic or the update files.
    Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
  • MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Version: 2.1
    Severity Rating: Important
    Revision Note: V2.1 (January 16, 2012): Added a link to Microsoft Knowledge Base Article 2607664 under Known Issues in the Executive Summary. Also, revised entry in the update FAQ to clarify why the upgrade to AntiXSS Library version 4.2.1 is only available from the Microsoft Download Center.
    Summary: This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depends on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.
  • MS12-003 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker successfully exploited this vulnerability. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. Only systems configured with a Chinese, Japanese, or Korean system locale are affected.
  • MS12-005 - Important : Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-002 - Important : Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-099 - Important : Cumulative Security Update for Internet Explorer (2618444) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (January 10, 2012): Announced that this update, MS11-099, enables the protections provided in the Vulnerability in SSL/TLS Could Allow Information Disclosure update, MS12-006, for Internet Explorer. For more information, see the Update FAQ.
    Summary: This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
  • MS11-094 - Important : Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (December 21, 2011): Added an entry to the Update FAQ to explain why this update is offered to customers running PowerPoint 2010 Service Pack 1.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-096 - Important : Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (December 21, 2011): Added Microsoft Office Compatibility Pack Service Pack 3 to the Non-Affected Software table. This is an informational change only. There were no changes to the detection logic or the update files.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
  • MS11-095 - Important : Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
  • MS11-097 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
  • MS11-093 - Important : Vulnerability in OLE Could Allow Remote Code Execution (2624667) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.