Microsoft released seven bulletins fixing 23 vulnerabilities in their patch Tuesday announcement today. The Redmond, Wash., software giant rated three of the bulletins as ‘critical,’ all of which could lead to remote code execution, and the remaining four as ‘important.’
The first critical bulletin resolves a privately reported bug in Microsoft Office through which an attacker could remotely execute code after the user opens a specially crafted RTF file. Upon successful exploitation, the attacker would possess the same user rights as the current user. Users with fewer user rights would be less impacted than those that operate with administrative user rights.
The second patch resolves three publicly disclosed bugs and seven privately disclosed ones in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. These could also lead to remote code execution if an attacker can find a way to trick users into opening a specially crafted document or visiting a webpage that embeds TrueType font files.
This set of vulnerabilities fixed by the MS12-034 patch is designed to fix one of the vulnerabilities exploited by the Duqu malware. Microsoft had already patched that bug in other applications, but in the last few months it had discovered that a snippet of code that was part of the CVE-2011-3402 vulnerability was present in other places in Microsoft products, as well.
“In the time since we shipped MS11-087, we discovered that several Microsoft products contained a copy of win32k.sys’s font parsing code. Unfortunately, each copy of the code also contained the vulnerability addressed by MS11-087. The most troublesome copy was in gdiplus.dll. We know that several third party applications – 3rd party browsers in particular – might use gdiplus.dll to parse and render custom fonts. Microsoft Office’s version of gdiplus, called ogl.dll, also contained a copy of the vulnerable code. Silverlight included a copy of the vulnerable code. And the Windows Journal viewer included a copy of the vulnerable code,” Microsoft said in a blog post today.
“In addition to addressing the vulnerabilities described in the bulletin, this security update also closes the malicious keyboard layout file attack vector. Windows Vista introduced a requirement that all keyboard layout files be loaded from %windir%system32. MS12-034 ports that change downlevel to Windows XP and Windows Server 2003 as well.”
The last critically rated patch fixes two privately reported vulnerabilities in Windows and the .NET Framework. These could allow for remote code execution on client systems where the user views a specially crafted webpage that can run XAML browser applications. Again, users with fewer rights are less impacted.
As for the four important patches remaining, the first resolves six vulnerabilities in Microsoft office and the second resolves one vulnerability in Microsoft Visio viewer. Both vulnerabilities, if left unpatched, could lead to remote code execution. The last two important patches could both lead to elevation of privileges. The first resolves two bugs in TCP/IP and the second resolves a vulnerability in Windows Partition Manager.
You can find the bulletin summary here on Microsoft’ TechNet blog.