Ms.bulletin Feb2012
8/2/2019 Ms.bulletin Feb2012
http://slidepdf.com/reader/full/msbulletin-feb2012 1/4
Microsoft to release 9 security updates on February 14

Microsoft says it will provide security patches for Windows and other Microsoft products on the upcoming February 14, 2012.

Accordingly, Microsoft announced that there will be no fewer than 9 security updates, of which 4 patches are rated "critical" and the remaining 5 are rated "important". 7 of the 9 updates patch vulnerabilities that allow remote code execution, while the other two updates are both of the "Elevation of Privilege" type.

Microsoft also said these patches will fix issues in Windows, Internet Explorer, .NET Framework, Silverlight, Office and Microsoft Server Software.

In addition to the patches, Microsoft will provide a new version of the Windows Malicious Software Removal Tool through Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Windows users who have the Automatic Update feature enabled on their machines will receive the changes immediately without having to download and install them manually. Those who do not use Automatic Update need to perform the update by following the instructions.

Microsoft will host a webcast (similar to a televised advice programme) to address customer questions about the security bulletins on February 15, 2012, at 11 a.m. (US and Canada time zone).

Those who want to register for the webcast can do so through this web page.
Microsoft Security Bulletins For February 2012 Released
Microsoft today has released this month’s security updates. A total of nine security bulletins have been released, of which four address vulnerabilities with a maximum severity rating of critical. This
means that at least one Microsoft product is affected critically by the vulnerability. Six bulletins fix
issues in the Windows operating system, two in Microsoft Office and one each in Internet Explorer,
Microsoft Server Software, Microsoft Silverlight and the Microsoft .NET Framework.
Both Windows 7 and Windows Vista are affected by four critical and one important vulnerability
each, while Windows XP is only affected by three critical and two important vulnerabilities.
Here are the bulletins for February 2012:
• MS12-008 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) – This security update resolves a privately reported vulnerability
and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these
vulnerabilities could allow remote code execution if a user visits a website containing
specially crafted content or if a specially crafted application is run locally. An attacker would
have no way to force users to visit a malicious website. Instead, an attacker would have to
convince users to visit the website, typically by getting them to click a link in an email
message or Instant Messenger message that takes them to the attacker’s website.
• MS12-010 – Cumulative Security Update for Internet Explorer (2647516) – This security
update resolves four privately reported vulnerabilities in Internet Explorer. The most severe
vulnerabilities could allow remote code execution if a user views a specially crafted web page
using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to
have fewer user rights on the system could be less impacted than users who operate with
administrative user rights.
• MS12-013 – Vulnerability in C Run-Time Library Could Allow Remote Code Execution
(2654428) – This security update resolves a privately reported vulnerability in Microsoft
Windows. The vulnerability could allow remote code execution if a user opens a specially
crafted media file that is hosted on a website or sent as an email attachment. An attacker who
successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
• MS12-016 – Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow
Remote Code Execution (2651026) – This security update resolves one publicly disclosed
vulnerability and one privately reported vulnerability in Microsoft .NET Framework and
Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client
system if a user views a specially crafted web page using a web browser that can run XAML
Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are
configured to have fewer user rights on the system could be less impacted than users who
operate with administrative user rights.
• MS12-009 – Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) – This security update resolves two privately reported vulnerabilities in
Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs
on to a user’s system and runs a specially crafted application. An attacker must have valid
logon credentials and be able to log on locally to exploit the vulnerabilities.
• MS12-011 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
(2663841) – This security update resolves three privately reported vulnerabilities in Microsoft
SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation
of privilege or information disclosure if a user clicked a specially crafted URL.
• MS12-012 – Vulnerability in Color Control Panel Could Allow Remote Code Execution
(2643719) – This security update resolves one publicly disclosed vulnerability in Microsoft
Windows. The vulnerability could allow remote code execution if a user opens a legitimate
file (such as an .icm or .icc file) that is located in the same directory as a specially crafted
dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. Users whose accounts are configured to
have fewer user rights on the system could be less impacted than users who operate with
administrative user rights.
• MS12-014 – Vulnerability in Indeo Codec Could Allow Remote Code Execution
(2661637) – This security update resolves one publicly disclosed vulnerability in Microsoft
Windows. The vulnerability could allow remote code execution if a user opens a legitimate
file (such as an .avi file) that is located in the same directory as a specially crafted dynamic
link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. If a user is logged on with
administrative user rights, an attacker could take complete control of the affected system.
Users whose accounts are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.
• MS12-015 – Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code
Execution (2663510) – This security update resolves five privately reported vulnerabilities in
Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a
specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could
gain the same user rights as the logged-on user. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who operate with administrative user rights.
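
The MS12-012 and MS12-014 entries above both describe a legitimate file (.icm, .icc or .avi) being opened from a directory that also holds a crafted DLL. The following Python script is an added example, not part of the original article: it flags directories where such files sit next to any DLL so they can be reviewed. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Extensions the two bulletins name as the "legitimate file" the user opens.
TRIGGER_EXTS = {".icm", ".icc", ".avi"}

def find_colocated_dlls(root):
    """Return {relative_dir: (trigger_files, dll_files)} for every directory
    under root that contains both a trigger file and at least one DLL."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        triggers = sorted(f for f in filenames
                          if os.path.splitext(f)[1].lower() in TRIGGER_EXTS)
        dlls = sorted(f for f in filenames if f.lower().endswith(".dll"))
        if triggers and dlls:
            findings[os.path.relpath(dirpath, root)] = (triggers, dlls)
    return findings

def build_sample_tree(root):
    """Constructed sample layout: two clean folders and one to review."""
    layout = {
        "videos": ["holiday.avi"],
        "share/incoming": ["clip.AVI", "helper.dll"],  # "helper.dll" is a made-up name
        "profiles": ["monitor.icc", "readme.txt"],
    }
    for folder, names in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path)
        for name in names:
            open(os.path.join(path, name), "wb").close()  # empty placeholder file

def demo():
    """Build the sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_colocated_dlls(root)

if __name__ == "__main__":
    for folder, (triggers, dlls) in demo().items():
        print(f"review {folder}: {triggers} next to {dlls}")
```

A hit is only a prompt for review, since application folders legitimately ship DLLs; download folders, network shares and extracted archives are where co-location is unexpected.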
You can access the bulletin summary here on this page.
Windows Update has already picked up the new updates. You may need to run a manual check for
updates though. Windows Vista and Windows 7 users can open the control panel either by pasting
Control Panel\All Control Panel Items\Windows Update into an Explorer window, or by searching
for Windows Update in the start menu.
A click on Check for Updates there retrieves the most recent update information from Microsoft.
Users who do not want to or cannot update via Windows Update can find all security updates at
Microsoft’s official download repository.
Update: Microsoft has posted the Bulletin Deployment Priority chart and the Severity and
Exploitability Index. Images below.
You can read up on this month’s bulletins at the Microsoft Security Response Center.
Update: The February 2012 Security Release ISO Image is available now as well.