Microsoft Security Bulletin Summary for April 2012

Blog Post created by mjc on Apr 13, 2012

Many_patches.jpgMicrosoft Security Bulletin Summary for April 2012 contains six bulletins, four of which are rated “critical”.  All of the critical bulletins would result in remote code execution. One of the important bulletins – MS12-028 – could also be looked on as critical because it’s easy to exploit and results in remote code execution.


MS12-023 is a cumulative security update for Internet Explorer that patches six vulnerabilities. This should be the top priority for organizations as users could be compromised by drive-by exploits from web pages with specially crafted malicious content.


MS12-024 is a critical update that patches remote code execution possibilities on all current Windows operating systems. This vulnerability is perfect for attackers to weaponize legitimate executables, but in reality if users are allowed to execute arbitrary executables they likely have bigger issues than this bulletin.


MS12-025 is another critical remote code execution vulnerability and affects all Windows operating systems running .NET Framework. This vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). If you can't patch immediately, this issue should be mitigated by disabling XAML applications in the browser security settings.


MS12-027 is a critical bulletin that affects essentially all Microsoft’s applications, including Microsoft Office, Microsoft SQL Server, Microsoft Server Software, and Microsoft Developer Tools. An attack would be able to remotely execute code by having a victim open a malicious file or go to a malicious website. This is a basic data handling vulnerability at the core of Microsoft applications. Organizations should really pay attention and patch this vulnerability since it is reported that attackers are using an exploit against this in the wild.


MS12-026 is categorized as important and relates to an information disclosure vulnerability with Microsoft Forefront United Access Gateway. Attackers could possibly perform reconnaissance on an organization running the product on the Internet by sending a specialized query.


MS12-028 is labeled as important and is a Microsoft Office malicious Works file vulnerability that could result in remote code execution. This one could easily be disputed and ranked as critical by many. The only thing it's missing is automatic administrative privileges. The attacker is limited to the permissions of the user that opens up a malicious document.