Windows Shell vulnerabilities could allow remote code execution
Report ID: MS201211002
Date Published: 14 November 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Summary
Two vulnerabilities in the Briefcase feature in Windows could each be exploited by an attacker to execute arbitrary code on an affected system.
Detailed Description
Microsoft has released a security update following the report of two vulnerabilities found in the Briefcase feature in Windows. Briefcase is a feature that synchronizes the contents of two folders. The two vulnerabilities were caused by improper handling of a specially crafted briefcase, resulting in a condition that may allow an attacker to execute arbitrary code on the system.
Both vulnerabilities have been addressed through the latest security update, which introduces modification in the way that Windows handles a briefcase. Users are recommended to install this update to protect their system from potential exploit attempts.
CVE Reference
CVE-2012-1527, CVE-2012-1528
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-072)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
