Symantec product detections for Microsoft monthly Security Advisories - March 2012

Article ID: 156058

Products

Critical System Protection

Issue/Introduction

This document describes Symantec product detections for the vulnerabilities that Microsoft patches in its monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.

Resolution

ID and Rating
CAN/CVE ID: CVE-2012-0002
BID: 52353
Microsoft ID: MS12-020
MSKB: 2671387
Microsoft Rating: Critical

Vulnerability Type
Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

Vulnerability Affects
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

Details
  • A remote code execution vulnerability affects the Remote Desktop Protocol (RDP) due to a memory issue.
  • An attacker can exploit this issue by sending a series of specially crafted packets to an affected service.
  • Successful exploits will result in the complete compromise of affected computers.

Intrusion Protection System (IPS) Response
Sig ID: 25610
Detected as "Microsoft RDP CVE-2012-0002 3"

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-0016
BID: 52375
Microsoft ID: MS12-016
MSKB: 2651018
Microsoft Rating: Important

Vulnerability Type
Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Remote Code Execution Vulnerability

Vulnerability Affects
Microsoft Expression Design, SP1, 2, 3, and 4

Details
  • A remote code-execution vulnerability affects Expression Design due to the way it loads DLL files.
  • An attacker can exploit this issue by tricking an unsuspecting victim into opening a file associated with the application from a remote WebDAV or SMB share.
  • Successful exploits will result in the execution of arbitrary attacker-supplied data in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-0006
BID: 52374
Microsoft ID: MS12-017
MSKB: 2647170
Microsoft Rating: Important

Vulnerability Type
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
Denial of Service Vulnerability

Vulnerability Affects
Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for x64-based Systems SP1

Details
  • A denial-of-service vulnerability affects DNS service due to how it looks up a resource record of a domain.
  • An attacker can exploit this issue by sending a specially crafted DNS query to an affected server.
  • Successful exploits will cause the affected server to stop responding, effectively denying service.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-0157
BID: 52317
Microsoft ID: MS12-018
MSKB: 2641653
Microsoft Rating: Important

Vulnerability Type
Microsoft Windows Kernel 'Win32k.sys' (CVE-2012-0157) Local Privilege Escalation Vulnerability
Elevation of Privilege Vulnerability

Vulnerability Affects
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

Details
  • A local privilege-escalation vulnerability affects the Windows kernel due to how it handles the PostMessage function.
  • A local attacker can exploit this issue by running a specially crafted program. Successful exploits will result in the attacker-supplied code running with kernel-level privileges.
  • This may facilitate a complete system compromise.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-0152
BID: 52354
Microsoft ID: MS12-020
MSKB: 2671387
Microsoft Rating: Important

Vulnerability Type
Microsoft Remote Desktop Protocol Service CVE-2012-0152 Denial of Service Vulnerability
Denial of Service Vulnerability

Vulnerability Affects
Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

Details
  • A remote denial-of-service vulnerability affects the Remote Desktop Protocol (RDP) due to the way it handles certain packets.
  • An attacker can exploit this issue by sending a series of specially crafted packets to an affected service.
  • Successful exploits will cause the service to stop responding, effectively denying service.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A

ID and Rating
CAN/CVE ID: CVE-2012-0008
BID: 52329
Microsoft ID: MS12-021
MSKB: 2651019
Microsoft Rating: Important

Vulnerability Type
Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability
Elevation of Privilege Vulnerability

Vulnerability Affects
Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1

Details
  • A local privilege-escalation vulnerability affects Visual Studio due to how it loads certain Add-ins.
  • An attacker can exploit this issue by placing a specially crafted Add-in in the path of Visual Studio.
  • When the application is run by another user, the attacker-supplied Add-in will run with the privileges of the victim.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating
CAN/CVE ID: CVE-2012-0156
BID: 52332
Microsoft ID: MS12-019
MSKB: 2665364
Microsoft Rating: Moderate

Vulnerability Type
Microsoft Windows 'DirectWrite' API Denial of Service Vulnerability
Denial of Service Vulnerability

Vulnerability Affects
Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

Details
  • A denial-of-service vulnerability affects DirectWrite when it renders a sequence of specially crafted Unicode characters.
  • An attacker can exploit this issue by hosting specially crafted Unicode content on a webpage or sending it through an Instant Message.
  • Successful exploits will cause the targeted application to stop responding, effectively denying service.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: N/A