Windows Shell vulnerabilities could allow remote code execution
Report ID: MS201211002
Date Published: 14 November 2012
Compromise Type: remote-code-execution
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Two vulnerabilities in the Briefcase feature in Windows could each be exploited by an attacker to execute arbitrary code on an affected system.
Microsoft has released a security update following the report of two vulnerabilities found in the Briefcase feature in Windows. Briefcase is a feature that synchronizes the contents of two folders. The two vulnerabilities were caused by improper handling of a specially crafted briefcase, resulting in a condition that may allow an attacker to execute arbitrary code on the system.
Both vulnerabilities have been addressed through the latest security update, which introduces modification in the way that Windows handles a briefcase. Users are recommended to install this update to protect their system from potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-072)