Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows networking components' vulnerabilities could allow remote code execution


Report ID: MS201208003
Date Published: 15 August 2012

Criticality: Critical
Compromise Type: remote-code-execution denial-of-service
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

Four vulnerabilities had been identified in Windows networking components, three of which could allow remote code execution and one could lead to denial of service.



Detailed Description

Microsoft has issued a security update to fix four identified vulnerabilities in Windows networking components. One vulnerability, triggered by improper handling of a Remote Administration Protocol (RAP) response, could cause some of the components to stop responding. The remaining three are remote code execution vulnerabilities. They are caused by Windows Print Spooler's failure in handling specially crafted response, and Windows networking components' failure in handling a Remote Administration Protocol (RAP) response.

All four issues have been fixed through the update by making necessary corrections in the way that Windows Print Spooler and Windows networking components handle responses. Users are recommended to install the latest update for applicable system as a protection measure.



CVE Reference

CVE-2012-1850, CVE-2012-1851, CVE-2012-1852, CVE-2012-1853



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-054)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.