Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Patch Tuesday July 2012: MSXML Patched (sort of?), MDAC, IE9 (Mmm), Windows 8 glimpse

July 10, 2012

  • Blog
  • Archive
In short: Get MS12-043, MS12-045, and, if running IE9, MS12-044 patched and get back to that game of Where's My Water?

MSXML 0day fixed?

This month’s Patch Tuesday bulletins bring an end to a zeroday vulnerability within MSXML that was first announced towards the beginning of June. Specifically MS12-043 has the fix that IT folks have been waiting a month for, while exploits have floated around, even within popular exploit toolkits. That is unless of course you are one of the unlucky people using MSXML 5.0, which Microsoft has not released a fix for as they are still finishing their testing. Not sure if you are one of the unlucky ones still at risk of a zeroday within MSXML 5.0? Here is a quick breakdown: Office 2003 and 2007, Office Word Viewer, Expression Web Edition, Office SharePoint Server 2007, and Groove Server 2007. The good news (dare I say context?), however, is that MSXML 5.0 is not on the pre-approved controls list and therefore gives a big warning to users who browse to a site that tries to load the MSXML 5.0 ActiveX control.

Tasty MDAC treat

Another stand out security bulletin this month is MS12-045, which covers a vulnerability within MDAC. MDAC is something that has been exploited plenty of times in the past, including CVE-2006-0003, which was leveraged by the vast majority of exploit toolkits. This new MDAC vulnerability looks to be something that also will make its way into exploit toolkits sooner rather than later given that it affects most OS’s and is straightforward to exploit.

IE 9 Wins!

Internet Explorer 9 is not only the “faster browser” this month, but also the fastest way to get you owned. MS12-044 specifically covers a critical vulnerability that affects only Internet Explorer 9. We are always a big fan of vulnerabilities that only exist in the latest versions of Microsoft software vs. older ones. It is almost some sort of karmic payback for the number of times Microsoft has decided to patch only new versions of their software (during internal code audits) vs. back porting those fixes to older, yet still supported, versions of their software. Picture slow motion paint being dropped on some IT guy’s head while “cyber criminals” steal the company goods specifically because of IE 9. That being said, you are still better off with IE9 than any of the previous versions of IE, so if you are working in IT, don’t let your corporate overlords use this as an excuse of why Internet Explorer 6 still makes sense—we remember what happened to Google, right?

Windows 8 sneak peak?

Another notable aspect of this Patch Tuesday is the fact that Microsoft has highlighted MS12-043 and MS12-044 as affecting the Windows 8 Consumer Preview. It is an interesting glimpse into the future to know that the critical MS12-043 (MSXML vulnerability) would have affected Windows 8 as well as the Internet Explorer vulnerability covered in MS12-044. Now just because the software versions were affected does not mean that exploitation would be as straightforward under Windows 8 vs. older operating systems. Only time will tell how well Windows 8 fairs, but certainly the fact that two of the nine bulletins released today affect Windows 8 is an interesting view of what may come in the future.

DLL Preloading (Make it stop, please.)

And no Patch Tuesday would be complete without an obligatory DLL Preloading vulnerability, which this July 2012 PT serves up within bulletins MS12-046. I do not really know what to say here except that if you are still allowing WebDAV through your perimeter, then your IT friends should make fun of you in the same vein that we “pity the fool” that would have been affected by DNSChanger (i.e. users running as Admin, not restricting egress DNS to known servers, etc…). Interestingly enough, there is another vulnerability MS12-048 that, while not DLL Preloading, is also partially mitigated through a lot of the same techniques we have previously recommended in mitigating DLL Preloading.

Wrap-Up and Vulnerability Expert Forum

Rounding out the rest of the bulletins for this month is a critical privilege escalation vulnerability (MS12-047) (which has probably been roaming “power plants” for a while), another SharePoint XSS vulnerability in MS12-050, and finally a less exciting Office for Mac vulnerability in bulletin MS12-051. Don’t forget that tomorrow is our Vulnerability Expert Forum in which the BeyondTrust research team will be discussing this latest Patch Tuesday, as well as other interesting developments in security. You can sign up for the VEF here.

Scott Lang

Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.