June 14, 2021

Microsoft fixes remote code execution vulnerabilities some of which are already being exploited

(LiveHacking.Com) – As anticipated, Microsoft has released nine security bulletins as part of Patch Tuesday. Of the nine bulletins five are rated as Critical and four as Important. In total they address 26 vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office. All of the Critical level bulletins fix Remote Code Execution vulnerabilities.

The first Critical set of fixes (MS12-052) is for Internet Explorer, the most severe of which could allow remote code execution if a user views a specially crafted webpage. The vulnerabilities are rated as Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows XP, Vista and 7. The fix modifies the way that Internet Explorer handles objects in memory.

The second Critical bulletin addresses issues with in the Remote Desktop Protocol. This isn’t the first time Microsoft have had to fix the protocol which is used by millions to control remote machines (including web server running and exposed on the Internet). Back in March, Microsoft fixed a bug in RDP which exposed over 5 million machines on the Internet after an exploit was developed for the vulnerability. The latest set of fixes (MS12-053) sounds very similar to previous RDP bugs. According to Microsoft, “The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.” However one bit of good news is that the bug only affects Windows XP. To fix the problem, Microsoft has changed the way that the Remote Desktop Protocol processes packets in memory.

The next Critical bulletin (MS12-054) resolves four privately reported vulnerabilities in the Windows print spooler. These vulnerabilities could allow remote code execution if an attacker sends a specially crafted response to the spooler. This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003; Important for all supported editions of Windows Vista; and Moderate for all supported editions of Windows Server 2008, Windows 7, and Windows 2008 R2. As part of the fix the code has been changed to correct the way the Windows Print Spooler handles specially crafted responses and how Windows networking components handle Remote Administration Protocol (RAP) responses.

The fourth bulletin (MS12-060) is already seeing some targeted attacks attempting to exploit this vulnerability, but there is no public proof-of-concept code published yet. This security update resolves a vulnerability in the Windows common controls and since multiple software products utilize Windows Common Controls , and the issues addressed in this bulletin affect Microsoft Office, SQL Server, Server Software, and Developer Tools. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.

Finally, MS12-058 resolves publicly disclosed vulnerabilities in Microsoft Exchange Server WebReady Document Viewing. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).  The vulnerabilities are actually in Oracle’s Outside In libraries, that are used in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint. The Outside In libraries were recently updated as part a Critical Patch Update released by Oracle.