
Ms.bulletin Feb2012


8/2/2019 Ms.bulletin Feb2012

http://slidepdf.com/reader/full/msbulletin-feb2012 1/4

Microsoft to release 9 security updates on February 14

Microsoft has said it will provide security patches for Windows and other Microsoft products on the coming February 14, 2012.

Accordingly, Microsoft announced that there will be no fewer than 9 security updates, of which as many as 4 are rated "critical" while the remaining 5 are rated "important". 7 of the 9 updates patch vulnerabilities that allow remote code execution, while the other two updates are both of the "Elevation of Privilege" type.

Microsoft also said that these patches will fix issues in Windows, Internet Explorer, .NET Framework, Silverlight, Office and Microsoft Server Software.

In addition to the patches, Microsoft will provide a new version of the Windows Malicious Software Removal Tool through Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Windows users who have the Automatic Update feature enabled on their machines will receive the changes immediately, without having to download and install them by hand. Those who do not use Automatic Update need to perform the update by following the instructions.

Microsoft will host a webcast (similar to a televised advice program) to address customers' questions about the security bulletins on February 15, 2012, at 11 a.m. (US and Canada time zone).

Those who want to register for the webcast can do so through this website.

Microsoft Security Bulletins For February 2012 Released

Microsoft today has released this month’s security updates. A total of nine security bulletins have been released, of which four address vulnerabilities with a maximum severity rating of critical. This means that at least one Microsoft product is affected critically by the vulnerability. Six bulletins fix issues in the Windows operating system, two in Microsoft Office and one each in Internet Explorer, Microsoft Server Software, Microsoft Silverlight and the Microsoft .Net Framework.

Both Windows 7 and Windows Vista are affected by four critical and one important vulnerability each, while Windows XP is only affected by three critical and two important vulnerabilities.

Here are the bulletins for February 2012:

• MS12-008 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) – This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.

• MS12-010 – Cumulative Security Update for Internet Explorer (2647516) – This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS12-013 – Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS12-016 – Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS12-009 – Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.

• MS12-011 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) – This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.

• MS12-012 – Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) – This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS12-014 – Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) – This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS12-015 – Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) – This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


You can access the bulletin summary here on this page.

Windows Update has already picked up the new updates. You may need to run a manual check for updates though. Windows Vista and Windows 7 users can open the control panel either by pasting Control Panel\All Control Panel Items\Windows Update into an Explorer window, or by searching for Windows Update in the start menu.

A click on Check for Updates there retrieves the most recent update information from Microsoft.

Users who do not want to or cannot update via Windows Update find all security updates at Microsoft’s official download repository.

Update: Microsoft has posted the Bulletin Deployment Priority chart and the Severity and Exploitability Index. Images below.
