exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2012-174A

Technical Cyber Security Alert 2012-174A
Posted Jun 23, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-174A - Microsoft Security Advisory (2719615) warns of active attacks using a vulnerability in Microsoft XML Core Services. Microsoft Internet Explorer and Microsoft Office can be used as attack vectors.

tags | advisory
SHA-256 | 0c812057868f3aa30c32aad25076f9d58f948634874ad313df23ae18d0447418

Technical Cyber Security Alert 2012-174A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Awareness System

Technical Cyber Security Alert TA12-174A


Microsoft XML Core Services Attack Activity

Original release date: June 22, 2012
Last revised: --
Source: US-CERT


Systems Affected

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 are affected.
Microsoft Internet Explorer, Microsoft Office 2003, and Microsoft
Office 2007 are affected due to their use of XML Core Services.


Overview

Microsoft Security Advisory (2719615) warns of active attacks using
a vulnerability in Microsoft XML Core Services. Microsoft Internet
Explorer and Microsoft Office can be used as attack vectors.


Description

Microsoft Security Advisory (2719615), a Google Online Security
blog post, Sophos, and other sources report active attacks
exploiting a vulnerability in Microsoft XML Core Services
(CVE-2012-1889). Attack scenarios involve exploits served by
compromised web sites and delivered in Office documents. Reliable
public exploit code is available, and attacks may become more
widespread.


Impact

By convincing a victim to view a specially crafted web page or
Office document, an attacker could execute arbitrary code and take
any action as the victim.


Solution

As of June 22, 2012, a comprehensive update is not available.
Consider the following workarounds.

Apply Fix it

Apply the Fix it solution described in Microsoft Knowledge Base
Article 2719615. This solution uses the Application
Compatibility Database feature to make runtime modifications to
XML Core Services to patch the vulnerability.

Disable scripting

Configure Internet Explorer to disable Active Scripting in the
Internet and Local intranet zones as described in Microsoft
Security Advisory (2719615). See also Securing Your Web Browser.

Use the Enhanced Mitigation Experience Toolkit (EMET)

EMET is a utility to configure Windows runtime mitigation
features such as Data Execution Prevention (DEP), Address Space
Layout Randomization (ASLR), and Structured Exception Handler
Overwrite Protection (SEHOP). These features, particularly the
combination of system-wide DEP and ASLR, make it more difficult
for an attacker to successfully exploit a vulnerability.
Configure EMET for Internet Explorer as described in Microsoft
Security Advisory (2719615).


References

* Microsoft Security Advisory (2719615) -
<https://technet.microsoft.com/en-us/security/advisory/2719615>

* Microsoft Security Advisory: Vulnerability in Microsoft XML Core
Services could allow remote code execution -
<http://support.microsoft.com/kb/2719615>

* NVD Vulnerability Summary for CVE-2012-1889 -
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889>

* Microsoft XML vulnerability under active exploitation -
<http://googleonlinesecurity.blogspot.com/2012/06/microsoft-xml-vulnerability-under.html>

* European aeronautical supplier's website infected with "state-sponsored" zero-day exploit -
<http://nakedsecurity.sophos.com/2012/06/20/aeronautical-state-sponsored-exploit/>

* Securing Your Web Browser -
<https://www.us-cert.gov/reading_room/securing_browser/>

* Application Compatibility Database -
<http://msdn.microsoft.com/en-us/library/bb432182(v=vs.85).aspx>


Revision History

June 22, 2012: Initial release

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-174A Feedback VU#783993" in
the subject.
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-174A Feedback VU#783993" in
the subject.
____________________________________________________________________

Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-174A.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBT+TZH3dnhE8Qi3ZhAQIjggf+O+mOYAEj9Lhq05KCWunmNoLREdH8ura3
DVnvdz+PBgQwxJXCl2fxCvJ56nPnxgKoDvtKWHDdFePfmS1+Tmp9/DnXoEY8tFCd
SlqYoL+jUuxJGQk4oxbTP/U2Gcu1GSOgpc4sj5WGiuHFQa1iDEJ+rSG2myUqyIEu
B5HsYiqOGHXyynXWxdr5W9/37owlfXWJeazs2aviqGIKq/5uz78NHy/RHMnphOhI
qCZzRnHHkyHeS0JojqCnJjNeDoLMaMUzdEzRsZt4bY0YgonRJnRSaEgPlKGvvfSo
nIeTdyDIZQVsN6H0yjSaN+whlS30BFiasDtLw50omazYdkSv2jJHCg==
=7lRz
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close