Archive for the ‘TechNet’ Category
Posted in TechNet on January 10th, 2012 by TechNet
Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on January 10th, 2012 by TechNet
Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Posted in TechNet on January 10th, 2012 by TechNet
Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Posted in TechNet on January 10th, 2012 by TechNet
Severity Rating: Critical
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on December 21st, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (December 21, 2011): Added Microsoft Office Compatibility Pack Service Pack 3 to the Non-Affected Software table. This is an informational change only. There were no changes to the detection logic or the update files.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
Posted in TechNet on December 21st, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (December 21, 2011): Added an entry to the Update FAQ to explain why this update is offered to customers running PowerPoint 2010 Service Pack 1.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on December 21st, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (December 21, 2011): Added an entry to the Update FAQ to explain why this update is offered to customers running PowerPoint 2010 Service Pack 1.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on December 16th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (December 16, 2011): Expanded the list of non-affected software and revised the Update FAQ to help clarify that this update may be offered to non-affected software when the vulnerable shared component of Microsoft Office is present.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on December 16th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (December 16, 2011): Expanded the list of non-affected software and revised the Update FAQ to help clarify that this update may be offered to non-affected software when the vulnerable shared component of Microsoft Office is present.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on December 14th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.0 (December 13, 2011): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
