Multiple vulnerabilities in Microsoft Windows

Posted: December 12, 2012 in Vulnerabilities
Tags: , , , , ,

Vulnerabilities in Microsoft Windows

Vulnerabilities in Microsoft Windows

Multiple vulnerabilities in Microsoft Windows

1. Vulnerability in the processing of checking revocation IP-HTTPS certificates in Microsoft Windows

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-2549
Vector of operation: Remote
Impact: Security Bypass

Affected Products: Microsoft Windows Server 2008, Windows Server 2012

Affected versions: Microsoft Windows 2008 R2, Windows 2012

Description:

Which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to insufficient authentication certificates in IP-HTTPS component. A remote user can use the revoked certificate as valid.

Manufacturer URL: www.microsoft.com

Solution: Install the update from the manufacturer.

Link:

Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

2. Arbitrary code execution in Microsoft Windows in DirectPlay

Danger: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-1537
Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft Windows XP Professional, XP Home Edition, Server 2003 Web Edition, Server 2003 Standard Edition, Server 2003 Enterprise Edition, Server 2003 Datacenter Edition, Storage Server 2003, Windows Vista, Windows 7, Server 2008, Windows 8, Server 2012

Affected versions:  Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8, Windows 2012

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

An error in the processing of data DirectPlay. This can be exploited using a document Office, containing a specially crafted data DirectPlay heap overflow and execute arbitrary code on the target system.

Manufacturer URL: www.microsoft.com

Solution: Install the update from the manufacturer.

Link:

Vulnerability in DirectPlay Could Allow Remote Code Execution

3. Vulnerability when processing file names in Microsoft Windows

Danger: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-4774
Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Storage Server 2003, Windows Vista, Windows 7, Windows Server 2008

Affected versions: Microsoft Windows XP, Microsoft Windows 2003, Microsoft Windows Vista, Microsoft Windows 2008, Microsoft Windows 7, Microsoft Windows 2008 R2

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insufficient bounds checking when processing a file or directory. This can be exploited via a specially crafted file or folder to execute arbitrary code on the target system.

Manufacturer URL: www.microsoft.com

Solution: Install the update from the manufacturer.

Link:

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution

4. Multiple vulnerabilities in the kernel of Microsoft Windows

Danger: High
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2012-2556
CVE-2012-4786
Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Web Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Storage Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 , Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2012

Affected versions: Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8, Windows 2012

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An error in the processing of OpenType fonts. This can be exploited via a specially crafted OpenType font to execute arbitrary code on the target system.

2. An error in the processing of TrueType fonts. This can be exploited via a specially crafted TrueType font to execute arbitrary code on the target system.

Manufacturer URL: www.microsoft.com

Solution: Install the update from the manufacturer.

Link:

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s