Software

Patch Tuesday April 2012 – Patching Multiple Web Based Client Side and Spearphishing Exposures

This month’s patch Tuesday fixes a small set of critical vulnerabilities in a variety of client side software and one “important” server side Forefront UAG data leakage/information disclosure issue. Six bulletins have been created to address eleven exploitable flaws. Three of the six bulletins are top priority and should be addressed ASAP. These are the MS12-023 bulletin, patching a set of five Internet Explorer vulnerabilities leading to remote code execution, and the MS12-027 bulletin, patching the MSCOMCTL ActiveX Control currently receiving some attention as a part of very limited targeted attacks. If they must prioritize deployment, administrators should start their work here. Most folks should have automatic updates enabled and will silently receive the patches, or they can simply navigate their start menu and manually begin the Windows update process.

RCE attacks abusing these six IE and ActiveX vulnerabilities would look like web browser redirections to malicious sites hosting web pages attacking Internet Explorer and emails carrying malicious attachments constructed to appear familiar to the targeted victim. These are currently significant vectors of attack for both consumer/home and corporate Microsoft product users.

Microsoft also is recommending that administrators prioritize the Authenticode flaw and rated it critical, which could be used as a part of targeted attacks. And ActiveX controls can be delivered leveraging this vulnerability, so some distribution vectors may become enhanced. But this flaw allows for additions and modifications to existing code that in turn won’t invalidate the existing signature.

A vulnerability exists in the .Net framework, allowing for XBAP applications to be run from the Internet Zone with a prompt. But anytime a decision like that is left to a user, it seems that we have a 50/50 chance of successful exploitation. The remaining vulnerabilty in the Office converter is significant and may result in RCE, but is much less likely to be attacked.

Dangerous, but manageable.

Patch Tuesday April 2012 – Patching Multiple Web Based Client Side and Spearphishing Exposures

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox