nCircle Knowledge Manager
MattW
Posts: 224
Registered: 01-07-2012

MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

This thread is for discussion of the following Microsoft Security Bulletin:

 

Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) 

This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

 

http://go.microsoft.com/fwlink/?LinkId=246275

Expert Contributor
corllb
Posts: 259
Registered: 01-24-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

So it seems this is the bad boy of this month's releases. It already has exploit code released and is being utilized "in targeted attacks". So is this worth pushing through the process and getting it installed w/o our normal validation process? 

 

http://www.pcworld.com/businesscenter/article/253553/patch_ms12027_nowzero_day_flaw_being_actively_e... 

http://blogs.technet.com/b/srd/archive/2012/04/10/ms12-027-enhanced-protections-regarding-activex-co...

http://krebsonsecurity.com/2012/04/adobe-microsoft-issue-critical-updates/#more-14615 

nCircle Knowledge Manager
MattW
Posts: 224
Registered: 01-07-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

Good ol' ActiveX. I'm going to look at the analytics to see how many of our site visitors are using Internet Explorer. Any guesses?

Expert Contributor
corllb
Posts: 259
Registered: 01-24-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

50% using IE

25% using Firefox

25% using Chrome

 

Or I could ask what the "standard" browser is for nCircle managed desktops and say that will be 75% of the browsers used as I imagine that is a large percentage of the traffic to the site. 

Contributor
Josh
Posts: 67
Registered: 01-30-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

The breakdown would be interesting since this is a more security-based group. I would hope that IE gets the 25% and FF and Chrome get the 75%.

 

If not, just wait until Sunday :smileywink:

Expert Contributor
corllb
Posts: 259
Registered: 01-24-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

And I just connected via IE just to add some spice to the list :smileylol:

nCircle Knowledge Manager
MattW
Posts: 224
Registered: 01-07-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

And the results...

 

Visits over the past month by browser used:

  1. Chrome (35%)
  2. Internet Explorer (29%)
  3. Firefox (21%)
  4. Safari (8%)
  5. Other (7%)

Contributor
Josh
Posts: 67
Registered: 01-30-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

I win! :smileyhappy:

Expert Contributor
corllb
Posts: 259
Registered: 01-24-2012

Re: MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

Ok, back to a legitimate question:

 

My desktop team is asking me not to use MS Bulletin Numbers but KB numbers with my recommendations to them on what they should patch. And they want to know which KBs we're advising them to update and which from the Bulletin they can ignore. This particular one actually has many KB#s. Do you get asked this often? I know when I query my A/D machines I can do it via KB#, but typically when I recommend patches it is the bulletin number, not the KB#s; as is the case with MS12-027, there are like 12 or more KB#s.

 

KB2597112

KB2598041

KB2598039

KB983807

KB983808

KB2645025

KB2658674

KB2658677

KB2658676

KB2647488

KB2647490

KB2641426

 

Any ideas / experiences of others on how you answer this dilemma? Just saying "well, patch them all" doesn't sound sufficient or professional, so I'm looking for advice on how to answer these (technically speaking and business related).