Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
klynn

March 2012 Microsoft Patch Tuesday Summary

by Juniper Employee on ‎03-13-2012 10:30 AM

 

March 2012 Microsoft Patch Tuesday Summary

 

Welcome to another edition of patch Tuesday summary blog.  Last month’s patch Tuesday involved patching 21 vulnerabilities over 9 bulletins, while this month we are patching 7 new vulnerabilities over  6 bulletins.

Here is a list of the vulnerabilities fixed in today’s patches:

 

MS12-017 - Vulnerability in DNS Server Could Allow Denial of Service

  • CVE-2012-0006 - DNS Denial of Service Vulnerability

MS12-018 - Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

  • CVE-2012-0157 - PostMessage Function Vulnerability

MS12-019 - Vulnerability in DirectWrite Could Allow Denial of Service     

  • CVE-2012-0156 - DirectWrite Application Denial of Service Vulnerability

MS12-020 - Vulnerabilities in Remote Desktop Could Allow Remote Code Execution       

  • CVE-2012-0002 - Remote Desktop Protocol Vulnerability
  • CVE-2012-0152 - Terminal Server Denial of Service Vulnerability

MS12-021 - Vulnerability in Visual Studio Could Allow Elevation of Privilege

  • CVE-2012-0008 - Visual Studio Add-In Vulnerability 

MS12-022 - Vulnerability in Expression Design Could Allow Remote Code Execution

  • CVE-2012-0016 - Expression Design Insecure Library Loading Vulnerability

 

ms-march-graph.jpg

 

As shown in the chart above, in March the number of vulnerabilities patched has dropped down. Remember to always be cautious when following links to other sites, as well as opening documents and email attachments, especially when the origin of the documents is unknown.  As we do every month, we’ve released a signature update to address the vulnerabilities fixed in today’s patches.  Happy patching!

 

For additional information on how you can protect your network from emerging threats, please visit http://www.juniper.net/us/en/products-services/security/srx-series/

Comments
by Skip Khasky(anon) on ‎03-28-2012 02:51 PM

Forgive my ignorance, but how does one ensure these threats are covered by their IDP policy?  In our case, we use the *Recommended* template.... woudl that template protect us from the MS12-020 RDP threat, for example?  

by Juniper Employee on ‎03-28-2012 04:56 PM

Hello Skip!

 

  Good question.  Only loading the Recommended template will not give you protection against said RDP attack.  The signature you are looking for called "APP: Remote Desktop Remote Code Execution" is actually found in Recommended-MISC.  My recommendation is to load only this signature and not all of Recommended-MISC.  Skip,  if you have any additional questions regarding this post, please do not hesitate to add additional comments to this thread.

 

Have a great day!

Karl

by Skip Khasky(anon) on ‎03-28-2012 08:27 PM

Thanks for the tip!  I do have one more question.....  identifying these threats and creating patches for them is great for the security of your customers' protected networks, to be sure... but finding the time to review each new one and then altering a policy to deal with them is simply not feesible in smaller companies such as mine.. 

For those of us who choose to use a vendor-delivered template, is there one you would recommend that includes things such as the patches listed in these tuesday blogs?  I would have thought 'Recommended' would have included the RDP patch, but clearly I was mistaken. That being the case, is there a more appropriate template to use?  Preferably one that covers the most common and prevelant threats, yet isn't overly consumptive of system resources...?  The IDP_Default template possibly?

Thanks in advance for the advice!

by Juniper Employee on ‎03-29-2012 01:33 PM

Hi Skip,

 

The default Recommended Policy Template is designed to be a starting point for architecting an IDP policy:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16489

 

It is broken up by protocol and includes the most commonly used protocols seen in customer networks.

The default template can be copied and additional protocols can be added as needed.

 

Unfortunately, the RDP APP protocol was not listed as one of the common protocols in the default Recommended Policy Template. We are having an internal discussion to update the default Recommended Policy Template to include RDP APP protocol plus other protocols.

 

The IDP_Default Policy Template has all protocols listed, so the RDP APP protocol would have been included, but it has the opposite problem as it includes non-Recommended signatures. Since all protocols and non-Recommended signatures are listed, there is higher chance for false positive or possible performance impact depending on size of IDP and bandwidth going thru it.

 

I would suggest making a copy of the Recommended Policy Template and add Recommended groups on protocols that are known going thru the IDP. So if the RDP APP protocol is being used, add the appropriate [Recommended]APP - <Severity> groups to your copy of the Recommended Policy.

 

The MS12-020 RDP signature is in the [Recommended]APP - Major group and Recommended action is set to drop:

http://services.netscreen.com/documentation/signatures/APP%3AREMOTE%3ARDP-RCE.html

 

I hope this clarifies,

Alex

 

by Juniper Employee on ‎03-29-2012 04:36 PM

Hi Skip,

 

A correction to my orginal comment. Discussing with the signature writers, the MS12-020 RDP Signature is actually in the: [Recommended]MISC - Major group. 

 

Sorry for the confusion.

 

Thanks,

Alex

 

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Paul Bristow
Senior Director
Product Management

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Henrik Davidsson
Director
Security Sales

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.