Internet Explorer cumulative security update
Report ID: MS201209004
Date Published: 24 September 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Summary
A cumulative security update for Internet Explorer has been released to address five vulnerabilities in Internet Explorer, including the 0-day vulnerability reported on 20 September 2012.
Detailed Description
Microsoft has issued a security update to address five reported vulnerabilities in Internet Explorer (IE), including one 0-day vulnerability described in the report "Internet Explorer vulnerability". Each of the vulnerabilities was caused by memory corruption that resulted from accessing a deleted or an improperly initialized object in memory. An attacker could take advantage of the condition to execute arbitrary code and take control of the affected system.
These issues have been addressed through the latest security update for IE, which modifies the way that objects in memory are handled. Users are advised to install the latest update as a protection measure against potential exploit attempts.
CVE Reference
CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, CVE-2012-2557, CVE-2012-4969
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-063
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
Microsoft FAST Search Server 2012 vulnerability could allow remote code execution
Report ID: MS201210004
Date Published: 10 October 2012
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft FAST Search Server 2010 for SharePoint
Summary
A vulnerability involving Microsoft FAST Search Server 2010 for SharePoint and Oracle Outside In libraries could allow an attacker to execute code and take control of an affected system.
Detailed Description
Microsoft has issued an update that addresses multiple vulnerabilities involving Oracle Outside In libraries and FAST Search Server 2010 for SharePoint. Attackers who successfully exploit these vulnerabilities may be able to execute arbitrary code on the affected system in the context of a user account.
In the latest update by Microsoft, the affected Oracle Outside In libraries are updated to a non-vulnerable version. To protect their systems, users are advised to install the update and to take other protection measures, such as disabling the Advanced Filter Pack and installing the relevant update from Oracle.
CVE Reference
CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, and CVE-2012-3110
Solution
Install the latest security patch for the applicable system, available for download from http://technet.microsoft.com/en-us/security/bulletin/ms12-067. Additionally, users are advised to disable the Advanced Filter Pack and to install the relevant update from Oracle.
Source
Microsoft Security Bulletin MS12-067
Microsoft Security Advisory 2737111
Oracle Critical Patch Update Advisory - July 2012