Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Article Options
klynn

March 2012 Microsoft Patch Tuesday Summary

by Juniper Employee on ‎03-13-2012 10:30 AM

 

March 2012 Microsoft Patch Tuesday Summary

 

Welcome to another edition of patch Tuesday summary blog.  Last month’s patch Tuesday involved patching 21 vulnerabilities over 9 bulletins, while this month we are patching 7 new vulnerabilities over  6 bulletins.

Here is a list of the vulnerabilities fixed in today’s patches:

 

MS12-017 - Vulnerability in DNS Server Could Allow Denial of Service

  • CVE-2012-0006 - DNS Denial of Service Vulnerability

MS12-018 - Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

  • CVE-2012-0157 - PostMessage Function Vulnerability

MS12-019 - Vulnerability in DirectWrite Could Allow Denial of Service     

  • CVE-2012-0156 - DirectWrite Application Denial of Service Vulnerability

MS12-020 - Vulnerabilities in Remote Desktop Could Allow Remote Code Execution       

  • CVE-2012-0002 - Remote Desktop Protocol Vulnerability
  • CVE-2012-0152 - Terminal Server Denial of Service Vulnerability

MS12-021 - Vulnerability in Visual Studio Could Allow Elevation of Privilege

  • CVE-2012-0008 - Visual Studio Add-In Vulnerability 

MS12-022 - Vulnerability in Expression Design Could Allow Remote Code Execution

  • CVE-2012-0016 - Expression Design Insecure Library Loading Vulnerability

 

ms-march-graph.jpg

 

As shown in the chart above, in March the number of vulnerabilities patched has dropped down. Remember to always be cautious when following links to other sites, as well as opening documents and email attachments, especially when the origin of the documents is unknown.  As we do every month, we’ve released a signature update to address the vulnerabilities fixed in today’s patches.  Happy patching!

 

For additional information on how you can protect your network from emerging threats, please visit http://www.juniper.net/us/en/products-services/security/srx-series/

Labels:
0
Comments
by Skip Khasky(anon) on ‎03-28-2012 02:51 PM
Options

Forgive my ignorance, but how does one ensure these threats are covered by their IDP policy?  In our case, we use the *Recommended* template.... woudl that template protect us from the MS12-020 RDP threat, for example?  

0
by Juniper Employee on ‎03-28-2012 04:56 PM
Options

Hello Skip!

 

  Good question.  Only loading the Recommended template will not give you protection against said RDP attack.  The signature you are looking for called "APP: Remote Desktop Remote Code Execution" is actually found in Recommended-MISC.  My recommendation is to load only this signature and not all of Recommended-MISC.  Skip,  if you have any additional questions regarding this post, please do not hesitate to add additional comments to this thread.

 

Have a great day!

Karl

0
by Skip Khasky(anon) on ‎03-28-2012 08:27 PM
Options

Thanks for the tip!  I do have one more question.....  identifying these threats and creating patches for them is great for the security of your customers' protected networks, to be sure... but finding the time to review each new one and then altering a policy to deal with them is simply not feesible in smaller companies such as mine.. 

For those of us who choose to use a vendor-delivered template, is there one you would recommend that includes things such as the patches listed in these tuesday blogs?  I would have thought 'Recommended' would have included the RDP patch, but clearly I was mistaken. That being the case, is there a more appropriate template to use?  Preferably one that covers the most common and prevelant threats, yet isn't overly consumptive of system resources...?  The IDP_Default template possibly?

Thanks in advance for the advice!

0
by Juniper Employee on ‎03-29-2012 01:33 PM
Options

Hi Skip,

 

The default Recommended Policy Template is designed to be a starting point for architecting an IDP policy:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16489

 

It is broken up by protocol and includes the most commonly used protocols seen in customer networks.

The default template can be copied and additional protocols can be added as needed.

 

Unfortunately, the RDP APP protocol was not listed as one of the common protocols in the default Recommended Policy Template. We are having an internal discussion to update the default Recommended Policy Template to include RDP APP protocol plus other protocols.

 

The IDP_Default Policy Template has all protocols listed, so the RDP APP protocol would have been included, but it has the opposite problem as it includes non-Recommended signatures. Since all protocols and non-Recommended signatures are listed, there is higher chance for false positive or possible performance impact depending on size of IDP and bandwidth going thru it.

 

I would suggest making a copy of the Recommended Policy Template and add Recommended groups on protocols that are known going thru the IDP. So if the RDP APP protocol is being used, add the appropriate [Recommended]APP - <Severity> groups to your copy of the Recommended Policy.

 

The MS12-020 RDP signature is in the [Recommended]APP - Major group and Recommended action is set to drop:

http://services.netscreen.com/documentation/signatures/APP%3AREMOTE%3ARDP-RCE.html

 

I hope this clarifies,

Alex

 

0
by Juniper Employee on ‎03-29-2012 04:36 PM
Options

Hi Skip,

 

A correction to my orginal comment. Discussing with the signature writers, the MS12-020 RDP Signature is actually in the: [Recommended]MISC - Major group. 

 

Sorry for the confusion.

 

Thanks,

Alex

 

0
Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
 
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and data center security.

Subscribe to Security & Mobility Now RSS Icon

Our Bloggers

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashwin Krishnan
Director, Product Management

Profile | Subscribe

Oliver Tavakoli
CTO, SBU

Profile | Subscribe

Karim Toubba
VP, Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director,
Product Management

Profile | Subscribe

Daniel V. Hoffman, CISSP, CEH, CHFI
Chief Mobile Security Evangelist

Profile | Subscribe

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Tamir Hardof
Director, Product Marketing

Profile | Subscribe

Johnnie Konstantas
Director, Product Marketing

Profile | Subscribe

Galina Pildush
Product Line Engineer

Profile | Subscribe

Bill Pfeifer
Product Line Engineer

Profile | Subscribe

Rod Bachelor
Product Line Manager

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Stefan Fouant
Technical Trainer

Profile | Subscribe

Seema Kathuria
Product Marketing Manager

Profile | Subscribe

Erin O'Malley
Product Marketing Manager

Profile | Subscribe

Karl Lynn
Security Research Engineer

Profile | Subscribe

Gajraj Singh
Director, Product Marketing

Profile | Subscribe

Kenneth Tom
Senior Product Marketing Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.