Microsoft Security Bulletin Summary for March 2012

Blog Post created by mjc on Mar 14, 2012

The Microsoft Security Bulletin Summary for March 2012 covers one critical, four important, and one moderate bulletin, for a total of six bulletins.


MS12-020 is labeled as critical and affects all Windows XP Service Pack 3, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 systems that are running Remote Desktop Protocol (RDP). RDP is used for remote management by many organizations, and this will remind people of the pcAnywhere vulnerabilities in the press recently.


MS12-020 will affect most organizations and is labeled critical because it could result in remote code execution. Organizations should immediately disable RDP where it is not needed. Organizations should also apply appropriate ingress firewall rules where they can. Organizations should be ready to test and deploy the patch as soon as possible. RDP is not enabled by default, but many times it is turned on for administration tasks and just left enabled.
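To find hosts where RDP was turned on and left enabled, the following PowerShell sketch reports the local RDP state and can switch it off. It is an added example, not part of the original post; the function names `Get-RdpExposure` and `Disable-Rdp` are hypothetical, and it assumes the standard Terminal Services registry locations and an elevated session.

```powershell
# Added example: report whether this host accepts RDP connections.
# Function and property names are illustrative (hypothetical).
function Get-RdpExposure {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections: 1 = connections refused (default), 0 = RDP enabled
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # PortNumber: TCP port of the RDP listener (3389 unless changed)
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
    $svc  = Get-Service -Name TermService

    # Cross-check the registry setting against what is actually listening
    $listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        RdpEnabled = ($deny -eq 0)
        Port       = $port
        Service    = $svc.Status
        Listening  = $listening
    }
}

# Turn RDP off on a host that does not need it (run elevated).
function Disable-Rdp {
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -Value 1
}

$state = Get-RdpExposure
$state | Format-List
if ($state.RdpEnabled -or $state.Listening) {
    Write-Warning "RDP is reachable on port $($state.Port); disable it or restrict ingress until the MS12-020 update is applied."
}
```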


MS12-017 and MS12-018 are both labeled as important and also affect the Windows family. MS12-017 is denial-of-service-related and will only affect people running Microsoft's DNS server. MS12-018 is perfect for post-exploitation when an attacker needs to escalate their privileges to the administrator level. MS12-017, MS12-018, and MS12-020 require organizations to reboot after applying the updates.


MS12-021 affects Microsoft Visual Studio 2008 Service Pack 1, Microsoft Visual Studio 2010, and Microsoft Visual Studio 2010 Service Pack 1. This bulletin addresses a Visual Studio flaw that can result in privilege escalation if an attacker is able to acquire valid credentials.


MS12-022 is labeled as important and addresses a remote code execution vulnerability in Microsoft Expression Design. The product's purpose is to allow web designers to leverage vector graphics in web applications. This vulnerability can be exploited by an attacker crafting malicious file formats for an unsuspecting victim to open. Due to Adobe's dominance in the graphics and web design space, I don't believe this will affect the average organization.


MS12-019 is labeled as moderate, and exploitation of it could result in a denial of service. It seems to have been introduced with Windows Vista, and it always hurts when you introduce security-related technical debt in your newer products like this. Microsoft's goal is to eliminate technical debt in their older code base, while improving security in newer products.