Symantec product detections for Microsoft monthly Security Advisories

Article Id: 156058

Status: Published

Updated On: 26-11-2018 17:09

Legacy Id: TECH183607

Products:

Critical System Protection

Issue/Introduction:

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.

Resolution:

ID and Rating CAN/CVE ID: CVE-2012-0002
BID: 52353
Microsoft ID: MS12-020
MSKB: 2671387
Microsoft Rating: Critical

Vulnerability Type
Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

Details

A remote code execution vulnerability affects the Remote Desktop Protocol (RDP) due to a memory issue.

An attacker can exploit this issue by sending a series of specially crafted packets to an affected service.

Successful exploits will result in the complete compromise of affected computers.

Intrusion Protection System (IPS) Response Sig ID: 25610
Detected as "Microsoft RDP CVE-2012-0002 3"

Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating CAN/CVE ID: CVE-2012-0016
BID: 52375
Microsoft ID: MS12-016
MSKB: 2651018
Microsoft Rating: Important

Vulnerability Type
Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Remote Code Execution Vulnerability

Vulnerability Affects Microsoft Expression Design, SP1, 2, 3, and 4

Details

A remote code-execution vulnerability affects Expression Design due to the way it loads DLL files.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a file associated with the application from a remote WebDAV or SMB share.

Successful exploits will result in the execution of arbitrary attacker-supplied data in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response Sig ID: N/A

Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating CAN/CVE ID: CVE-2012-0006
BID: 52374
Microsoft ID: MS12-017
MSKB: 2647170
Microsoft Rating: Important

Vulnerability Type Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
Denial of Service Vulnerability

Vulnerability Affects Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for x64-based Systems SP1

Details

A denial-of-service vulnerability affects DNS service due to how it looks up a resource record of a domain.

An attacker can exploit this issue by sending a specially crafted DNS query to an affected server.

Successful exploits will cause the affected server to stop responding, effectively denying service.

Intrusion Protection System (IPS) Response Sig ID: N/A

Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating CAN/CVE ID: CVE-2012-0157
BID: 52317
Microsoft ID: MS12-018
MSKB: 2641653
Microsoft Rating: Important

Vulnerability Type Microsoft Windows Kernel 'Win32k.sys' (CVE-2012-0157) Local Privilege Escalation Vulnerability
Elevation of Privilege Vulnerability

Vulnerability Affects Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

Details

A local privilege-escalation vulnerability affects the Windows kernel due to how it handles the PostMessage function.

A local attacker can exploit this issue by running a specially crafted program. Successful exploits will result in the attacker-supplied code running with kernel-level privileges.

This may facilitate a complete system compromise.

Intrusion Protection System (IPS) Response Sig ID: N/A

Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2012-0152 BID: 52354 Microsoft ID: MS12-020 MSKB: 2671387 Microsoft Rating: Important
Vulnerability Type	Microsoft Remote Desktop Protocol Service CVE-2012-0152 Denial of Service Vulnerability Denial of Service Vulnerability
Vulnerability Affects	Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details	A remote denial-of-service vulnerability affects the Remote Desktop Protocol (RDP) due to the way it handles certain packets. An attacker can exploit this issue by sending a series of specially crafted packets to an affected service. Successful exploits will cause the service to stop responding, effectively denying service.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2012-0008 BID: 52329 Microsoft ID: MS12-021 MSKB: 2651019 Microsoft Rating: Important
Vulnerability Type	Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability Elevation of Privilege Vulnerability
Vulnerability Affects	Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1
Details	A local privilege-escalation vulnerability affects Visual Studio due to how it loads certain Add-ins. An attacker can exploit this issue by placing a specially crafted Add-in in the path of Visual Studio. When the application is run by another user, the attacker-supplied Add-in will run with the privileges of the victim.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2012-0156 BID: 52332 Microsoft ID: MS12-019 MSKB: 2665364 Microsoft Rating: Moderate
Vulnerability Type	Microsoft Windows 'DirectWrite' API Denial of Service Vulnerability Denial of Service Vulnerability
Vulnerability Affects	Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details	A denial-of-service vulnerability affects DirectWrite when it renders a sequence of specially crafted Unicode characters. An attacker can exploit this issue by hosting specially crafted Unicode content on a webpage or sending it through an Instant Message. Successful exploits will cause the targeted application to stop responding, effectively denying service.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2012-0002 BID: 52353 Microsoft ID: MS12-020 MSKB: 2671387 Microsoft Rating: Critical
Vulnerability Type	Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details	A remote code execution vulnerability affects the Remote Desktop Protocol (RDP) due to a memory issue. An attacker can exploit this issue by sending a series of specially crafted packets to an affected service. Successful exploits will result in the complete compromise of affected computers.
Intrusion Protection System (IPS) Response	Sig ID: 25610 Detected as "Microsoft RDP CVE-2012-0002 3"
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2012-0016 BID: 52375 Microsoft ID: MS12-016 MSKB: 2651018 Microsoft Rating: Important
Vulnerability Type	Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability Remote Code Execution Vulnerability
Vulnerability Affects	Microsoft Expression Design, SP1, 2, 3, and 4
Details	A remote code-execution vulnerability affects Expression Design due to the way it loads DLL files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a file associated with the application from a remote WebDAV or SMB share. Successful exploits will result in the execution of arbitrary attacker-supplied data in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating	CAN/CVE ID: CVE-2012-0006 BID: 52374 Microsoft ID: MS12-017 MSKB: 2647170 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability Denial of Service Vulnerability
Vulnerability Affects	Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for x64-based Systems SP1
Details	A denial-of-service vulnerability affects DNS service due to how it looks up a resource record of a domain. An attacker can exploit this issue by sending a specially crafted DNS query to an affected server. Successful exploits will cause the affected server to stop responding, effectively denying service.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

ID and Rating	CAN/CVE ID: CVE-2012-0157 BID: 52317 Microsoft ID: MS12-018 MSKB: 2641653 Microsoft Rating: Important
Vulnerability Type	Microsoft Windows Kernel 'Win32k.sys' (CVE-2012-0157) Local Privilege Escalation Vulnerability Elevation of Privilege Vulnerability
Vulnerability Affects	Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details	A local privilege-escalation vulnerability affects the Windows kernel due to how it handles the PostMessage function. A local attacker can exploit this issue by running a specially crafted program. Successful exploits will result in the attacker-supplied code running with kernel-level privileges. This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response	Sig ID: N/A
Other Detections	AV: N/A Sygate IDS: N/A Symantec Critical System Protection IPS: N/A

Symantec product detections for Microsoft monthly Security Advisories - March 2012