CERT-In Advisory
CIAD-2012-0046
Multiple Vulnerabilities in Microsoft Products
Original Issue Date: October 10, 2012
Systems Affected
- Windows XP SP 3
- Windows XP Professional x64 Edition SP 2
- Windows Server 2003 SP 2 (32, 64 and Itanium based editions)
- Windows Vista SP 2 (32 & 64 bit editions)
- Windows Server 2008 SP 2 (32, 64 and Itanium based editions)
- Windows 7 & SP1 (32 & 64 bit editions)
- Windows Server 2008 (32 & 64)
- Windows Server 2008 & SP1 (x64 & Itanium based)
Component Affected
- SQL Server 2005 SP4 (32, 64, Itanium based) and
- Advanced Services SP
- SQL Server 2008 SP 2 & 3 (32, 64, Itanium based)
- SQL Server 2008 R2 SP1 (32, 64 and Itanium based editions)
- SQL Server 2012 (32 & 64)
- Microsoft Office 2003 SP 3
- Microsoft Office 2007 SP 2 & SP3
- Microsoft Office 2010 SP 1 (32 & 64 bit editions)
- Microsoft Word Viewer
- Word Automation Services
- Microsoft Office Compatibility Pack SP 2, 3
- Microsoft SharePoint Server 2010 SP 1
- Microsoft SharePoint Server 2007 SP 2, SP 3 (32 & 64 bit editions)
- Microsoft Windows SharePoint Services 3.0 SP 2 (32 & 64 bit editions)
- Microsoft SharePoint Foundation 2010 SP 1
- Microsoft Office Web Apps 2010 SP 1
- Microsoft Works 9
- Microsoft InfoPath 2007 SP 2, SP 3
- Microsoft InfoPath 2010 SP 1 (32 & 64 bit editions)
- Microsoft Lync 2010 (32 & 64 bit editions)
- Microsoft Communicator 2007 R2
- Microsoft Lync 2010 Attendee
- Microsoft Groove Server 2010 SP 1
- Microsoft FAST Search Server 2010 for SharePoint SP 1
Overview
Multiple vulnerabilities have been reported in various components of Microsoft products.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
|---|---|---|
| MS12-064: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution | High | CIVN-2012-0098: Remote Code Execution Vulnerabilities in Microsoft Word |
| MS12-065: Vulnerability in Microsoft Works Could Allow Remote Code Execution | High | CIVN-2012-0099: Microsoft Works Heap Remote Code Execution Vulnerability |
| MS12-066: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege | Medium | CIVN-2012-0100: Microsoft Products HTML Processing Cross-Site Scripting Vulnerability |
| MS12-067: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution | High | CIVN-2012-0101: Microsoft FAST Search Server Oracle Outside In Remote Code Execution Vulnerabilities |
| MS12-068: Vulnerability in Windows Kernel Could Allow Elevation of Privilege | Medium | CIVN-2012-0102: Microsoft Windows Kernel win32k.sys Driver Integer Overflow Vulnerability |
| MS12-069: Vulnerability in Kerberos Could Allow Denial of Service | Medium | CIVN-2012-0103: Vulnerability in Kerberos Could Allow Denial of Service |
| MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege | Medium | CIVN-2012-0104: Microsoft SQL Server Report Manager Reflected Cross Site Scripting Vulnerability |
Solution
Apply the appropriate patches as mentioned in the Microsoft Security Bulletin for October 2012:
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
Vendor Information
Microsoft Corporation
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India