Commonwealth Security Advisory – Feb 16th, 2012

Commonwealth Security and Risk Management staff have been tracking multiple vulnerabilities
that may have a significant impact on the Commonwealth Information Security community.


Summary:

  1. Adobe Flash Player Multiple Vulnerabilities
  2. Adobe Shockwave Player/RoboHelp Multiple Vulnerabilities
  3. Cisco NX-OS Vulnerability
  4. Google Chrome Multiple Vulnerabilities
  5. Microsoft February Security Bulletin:
    1. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution MS12-008 (2660465) – Critical
    2. Cumulative Security Update for Internet Explorer MS12-010 (2647516) – Critical
    3. Vulnerability in C Run-Time Library Could Allow Remote Code Execution MS12-013 (2654428) – Critical
    4. Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution MS12-016 (2651026) – Critical
    5. Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege MS12-009 (2645640) – Important
    6. Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege MS12-011 (2663841) – Important
    7. Vulnerability in Color Control Panel Could Allow Remote Code Execution MS12-012 (2643719) – Important
    8. Vulnerability in Indeo Codec Could Allow Remote Code Execution MS12-014 (2661637) – Important
    9. Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution MS12-015 (2663510) – Important
  6. Mozilla Firefox Vulnerability
  7. Oracle Releases Critical Patch Update for February 2012
  8. Red Hat Multiple Vulnerabilities



Vulnerability: Adobe Flash Player Multiple Vulnerabilities

Affected Software:

  • Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
  • Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x



Explanation: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to cause a denial-of-service condition, take control of the affected system, or perform a cross-site scripting attack.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://www.adobe.com/support/security/bulletins/apsb12-03.html


http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for12




Vulnerability: Adobe Shockwave Player/Acrobat RoboHelp Multiple Vulnerabilities


Affected Software:

  • Adobe Shockwave Player 11.6.3.633 and earlier versions
  • Adobe RoboHelp 9 or 8 for Word on Windows

Explanation: Multiple vulnerabilities have been reported in Adobe Shockwave and RoboHelp, which can be exploited by malicious people to compromise a user’s system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://www.adobe.com/support/security/bulletins/apsb12-02.html


http://www.adobe.com/support/security/bulletins/apsb12-04.html


http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for11
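The Flash Player and Shockwave Player entries above both state their affected range as a build number "and earlier", so the practical question for an inventory owner is whether each installed build falls at or below the threshold. The following is an added example, not part of this advisory and not Adobe's or US-CERT's code: it copies the thresholds from the two entries above, compares dotted version strings numerically (a plain string comparison would rank "11.1.102.9" above "11.1.102.55"), and flags hosts that still need the update. The inventory records, hostnames and the "patched" build numbers in it are constructed sample input, not values from the advisory.

```python
"""Check installed Adobe Flash Player / Shockwave Player builds against the
"X and earlier" thresholds quoted in the advisory.

Added example, not part of the original advisory. Thresholds are taken from
the advisory text; inventory records below are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Thresholds from the advisory: any build at or below these is affected.
AFFECTED_THRESHOLDS = {
    ("Adobe Flash Player", "windows"): "11.1.102.55",
    ("Adobe Flash Player", "macintosh"): "11.1.102.55",
    ("Adobe Flash Player", "linux"): "11.1.102.55",
    ("Adobe Flash Player", "solaris"): "11.1.102.55",
    ("Adobe Flash Player", "android-4"): "11.1.112.61",
    ("Adobe Flash Player", "android-3"): "11.1.111.5",
    ("Adobe Flash Player", "android-2"): "11.1.111.5",
    ("Adobe Shockwave Player", "windows"): "11.6.3.633",
    ("Adobe Shockwave Player", "macintosh"): "11.6.3.633",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that "11.1.102.9" sorts
    below "11.1.102.55"; a string comparison would get this backwards."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two dotted versions numerically.
    Shorter tuples are right-padded with zeros so "11.1" == "11.1.0.0"."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def is_affected(product: str, platform: str, installed: str) -> Optional[bool]:
    """True if installed <= threshold ("and earlier"), False if newer,
    None if the advisory lists no threshold for this product/platform."""
    threshold = AFFECTED_THRESHOLDS.get((product, platform.lower()))
    if threshold is None:
        return None
    return compare_versions(installed, threshold) <= 0


@dataclass
class InventoryRecord:
    host: str
    product: str
    platform: str
    version: str


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY: List[InventoryRecord] = [
    InventoryRecord("ws-0101", "Adobe Flash Player", "windows", "11.1.102.55"),  # exactly at threshold
    InventoryRecord("ws-0102", "Adobe Flash Player", "windows", "11.1.102.62"),  # newer than threshold
    InventoryRecord("ws-0103", "Adobe Flash Player", "windows", "11.1.102.9"),   # older; string compare would miss it
    InventoryRecord("mob-0201", "Adobe Flash Player", "android-4", "11.1.111.9"),
    InventoryRecord("ws-0104", "Adobe Shockwave Player", "windows", "11.6.4.634"),
    InventoryRecord("ws-0105", "Adobe Shockwave Player", "windows", "11.6.3.633"),
]


def affected_hosts(inventory: List[InventoryRecord]) -> List[str]:
    """Return hostnames whose installed build falls within an affected range."""
    return [r.host for r in inventory
            if is_affected(r.product, r.platform, r.version)]


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print("needs update:", host)
```

Feed it the output of whatever software-inventory source you already have (SCCM, a package manager query, or an agent export), one record per host; the function returns `None` rather than `False` for products the advisory does not cover so that unknown software is not silently reported as safe.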




Vulnerability: Cisco NX-OS Vulnerability


Affected Devices:

  • Cisco Nexus 1000v Series Switches
  • Cisco Nexus 5000 Series Switches
  • Cisco Nexus 7000 Series Switches

Explanation: A single vulnerability has been reported in Cisco NX-OS software, which potentially can be exploited by malicious people to create a denial-of-service condition.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos


http://www.us-cert.gov/current/index.html#cisco_releases_security_advisory_for29




Vulnerability: Google Chrome Multiple Vulnerabilities


Affected Software:

  • Google Chrome 17.x

Explanation: Multiple vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to compromise a user’s system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29&utm_content=FeedBurner


http://www.us-cert.gov/current/index.html#google_releases_chrome_17_01




Vulnerability: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution MS12-008 (2660465) – Critical


Affected Software:

  • Microsoft Windows XP Service Pack 3
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition Service Pack 2
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Microsoft Windows 7 for 32-bit Systems
  • Microsoft Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft Windows 7 for x64-based Systems
  • Microsoft Windows 7 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Explanation: Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-008


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Cumulative Security Update for Internet Explorer MS12-010 (2647516) – Critical


Affected Software:

  • Microsoft Internet Explorer 6
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

  • Microsoft Internet Explorer 7
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
    • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
    • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2

  • Microsoft Internet Explorer 8
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
    • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
    • Microsoft Windows 7 for 32-bit Systems
    • Microsoft Windows 7 for 32-bit Systems Service Pack 1
    • Microsoft Windows 7 for x64-based Systems
    • Microsoft Windows 7 for x64-based Systems Service Pack 1
    • Microsoft Windows Server 2008 R2 for x64-based Systems
    • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
    • Microsoft Windows Server 2008 R2 for Itanium-based Systems
    • Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

  • Microsoft Internet Explorer 9
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
    • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
    • Microsoft Windows 7 for 32-bit Systems
    • Microsoft Windows 7 for 32-bit Systems Service Pack 1
    • Microsoft Windows 7 for x64-based Systems
    • Microsoft Windows 7 for x64-based Systems Service Pack 1
    • Microsoft Windows Server 2008 R2 for x64-based Systems
    • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1

Explanation: Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user’s system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-010


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerability in C Run-Time Library Could Allow Remote Code Execution MS12-013 (2654428) – Critical


Affected Software:

  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition Service Pack 2
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Microsoft Windows 7 for 32-bit Systems
  • Microsoft Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft Windows 7 for x64-based Systems
  • Microsoft Windows 7 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-013


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution MS12-016 (2651026) – Critical

Affected Software:

  • Microsoft .NET Framework 2.0 Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
    • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
    • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2

  • Microsoft .NET Framework 3.5.1
    • Microsoft Windows Server 2008 R2 for Itanium-based Systems
    • Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
    • Microsoft Windows 7 for 32-bit Systems
    • Microsoft Windows 7 for 32-bit Systems Service Pack 1
    • Microsoft Windows 7 for x64-based Systems
    • Microsoft Windows 7 for x64-based Systems Service Pack 1
    • Microsoft Windows Server 2008 R2 for x64-based Systems
    • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1


Explanation: Multiple vulnerabilities have been reported in Microsoft .NET Framework and Microsoft Silverlight, which can be exploited by malicious people to compromise a user’s system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-016


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege MS12-009 (2645640) – Important


Affected Software:

  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Vista x64 Edition Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Microsoft Windows 7 for x64-based Systems
  • Microsoft Windows 7 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Explanation: Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people who already hold valid logon credentials to elevate the privileges of that account.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-009


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege MS12-011 (2663841) – Important


Affected Software:

  • Microsoft SharePoint Server 2010
  • Microsoft SharePoint Server 2010 Service Pack 1
  • Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Foundation 2010 Service Pack 1


Explanation: Multiple vulnerabilities have been reported in Microsoft SharePoint and SharePoint Foundation, which can be exploited by malicious people to allow elevation of privilege or information disclosure.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-011


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerability in Color Control Panel Could Allow Remote Code Execution MS12-012 (2643719) – Important


Affected Software:

  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Microsoft Windows Server 2008 R2 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to remotely compromise an affected system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-012


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerability in Indeo Codec Could Allow Remote Code Execution MS12-014 (2661637) – Important


Affected Software:

  • Microsoft Windows XP Service Pack 3

Explanation: A single vulnerability has been reported in Microsoft Windows XP Service Pack 3, which can be exploited by malicious people to remotely compromise an affected system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-014


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution MS12-015 (2663510) – Important


Affected Software:

  • Microsoft Visio Viewer 2010 and Microsoft Visio Viewer 2010 Service Pack 1 (32-bit Edition)
  • Microsoft Visio Viewer 2010 and Microsoft Visio Viewer 2010 Service Pack 1 (64-bit Edition)

Explanation: Multiple vulnerabilities have been reported in Microsoft Office Visio Viewer, which can be exploited by malicious people to remotely compromise an affected system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://technet.microsoft.com/en-us/security/bulletin/ms12-015


http://technet.microsoft.com/en-us/security/bulletin/ms12-feb




Vulnerability: Mozilla Firefox Denial of Service Vulnerability


Affected Software:

  • Mozilla Firefox 10.x

Explanation: A single vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to create a denial-of-service condition and potentially allow the malicious individual to execute arbitrary code.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox10.0.1


http://www.us-cert.gov/current/index.html#mozilla_releases_firefox_10_0




Vulnerability: Oracle Releases Critical Patch Update for February 2012


Affected Software:

  • JDK and JRE 7 Update 2 and earlier
  • JDK and JRE 5 Update 30 and earlier
  • JDK and JRE 5.0 Update 33 and earlier
  • SDK and JRE 1.4.2_35 and earlier
  • JavaFX 2.0.2 and earlier

Explanation: Multiple vulnerabilities have been reported in Oracle Java, which may be remotely exploitable without authentication (i.e. may be exploited over a network without the need for a username and password) by malicious people to compromise a vulnerable system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html


http://www.us-cert.gov/current/index.html#oracle_releases_critical_patch_update17




Vulnerability: Red Hat Multiple Vulnerabilities


Affected Software:

  • RHEL Desktop 6, HPC Node 6, Server 6 and Workstation 6
  • RHEL Desktop and Server 5
  • Red Hat JBoss Enterprise Application Platform 5.x

Explanation: Red Hat has issued an update for multiple software packages including httpd, glibc, kernel, and jbosscache. The software update addresses multiple vulnerabilities, which can be exploited by a malicious individual to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.


Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.


https://rhn.redhat.com/errata/RHSA-2012-0128.html


https://rhn.redhat.com/errata/RHSA-2012-0108.html