Windows networking components' vulnerabilities could allow remote code execution
Report ID: MS201208003
Date Published: 15 August 2012
Compromise Type: remote-code-execution denial-of-service
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Four vulnerabilities had been identified in Windows networking components, three of which could allow remote code execution and one could lead to denial of service.
Microsoft has issued a security update to fix four identified vulnerabilities in Windows networking components. One vulnerability, triggered by improper handling of a Remote Administration Protocol (RAP) response, could cause some of the components to stop responding. The remaining three are remote code execution vulnerabilities. They are caused by Windows Print Spooler's failure in handling specially crafted response, and Windows networking components' failure in handling a Remote Administration Protocol (RAP) response.
All four issues have been fixed through the update by making necessary corrections in the way that Windows Print Spooler and Windows networking components handle responses. Users are recommended to install the latest update for applicable system as a protection measure.
CVE-2012-1850, CVE-2012-1851, CVE-2012-1852, CVE-2012-1853
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-054)