Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
aicasiano

July 2012 Microsoft Patch Tuesday Summary

by Juniper Employee ‎07-10-2012 08:04 PM - edited ‎07-10-2012 08:04 PM

July 2012 Microsoft Patch Tuesday Summary

 

Welcome to another edition of patch Tuesday summary blog.  This month we are patching 16 vulnerabilities over 9 bulletins.

 

Here is a list of the vulnerabilities fixed in today’s patches and the corresponding IPS signature(s) that covers the Microsoft vulnerabilties:

 

MS12-043 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

  • CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
    IPS Signature(s): HTTP: STC:IE:XML-RCE

               

MS12-044 - Cumulative Security Update for Internet Explorer (2719177)

                       

MS12-045 - Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

 

MS12-046 - Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)

 

MS12-047 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)

  • CVE-2012-1890 Keyboard Layout Vulnerability
    IPS Signature(s): N/A - Local Elevation of Privilege not detectable over the network
  • CVE-2012-1893 Win32k Incorrect Type Handling Vulnerability
    IPS Signature(s): N/A - Local Elevation of Privilege not detectable over the network

 

MS12-048 - Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

 

MS12-049 - Vulnerability in TLS Could Allow Information Disclosure (2655992)

  • CVE-2012-1870 TLS Protocol Vulnerability
    IPS Signature(s): N/A – Due to the nature of the vulnerability, it is not feasible to detect this attack

MS12-050 - Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

  • CVE-2012-1858 HTML Sanitization Vulnerability
    IPS Signature(s): HTTP: STC:IE:HTML-SANITZ
  • CVE-2012-1859 XSS scriptresx.ashx Vulnerability
    IPS Signature(s): HTTP:IIS: SP-SCRIPTRESX-XSS
  • CVE-2012-1860 SharePoint Search Scope Vulnerability
    IPS Signature(s): N/A - Insufficient technical information concerning this issue is currently available
  • CVE-2012-1861 SharePoint Script in Username Vulnerability
    IPS Signature(s): HTTP:XSS: SHAREPOINT-USER
  • CVE-2012-1862 SharePoint URL Redirection Vulnerability
    IPS Signature(s): N/A - Insufficient technical information concerning this issue is currently available
  • CVE-2012-1863 SharePoint Reflected List Parameter Vulnerability
    IPS Signature(s): HTTP:XSS: SHAREPOINT-LIST-XSS

 

MS12-051 - Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

  • CVE-2012-1894 Office for Mac Improper Folder Permissions Vulnerability
    IPS Signature(s): N/A – Local issue not detectable over the network

 

Remember to always be cautious when following links to other sites, as well as opening documents and email attachments, especially when the origin of the documents is unknown.  As we do every month, we’ve released a signature update to address the vulnerabilities fixed in today’s patches.  Happy patching!

 

For additional information on how you can protect your network from emerging threats, please visit http://www.juniper.net/us/en/products-services/security/srx-series/

 

 

 

 

 

 

 

 

Comments
by Distinguished Expert on ‎07-11-2012 03:43 PM

Thanks for including the signature information.

 

Steve

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.