An error occurred:

Check: 2012-A-0079

windows 7 iavm: 2012-A-0079 (in version v1 r32)

Title

Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (Cat I impact)

Discussion

Microsoft has released a security bulletin addressing multiple vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. To exploit these vulnerabilities, an attacker would entice a user to open a malicious document or access a malicious or compromised webpage. If successfully exploited, these vulnerabilities would allow an attacker to compromise the affected system.At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-034 (2681578). Vulnerable Applications/Systems: Microsoft Windows KB2658846 - DirectWrite Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86 and x64) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 and Itanium) KB2659262 - Windows GDI+ Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86, x64, and Itanium) Windows Server 2008 SP2 (x86 and x64 Server Core) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 and Itanium) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 Server Core) KB2660649 - Windows Journal Windows XP SP3 (Tablet PC Edition 2005 SP3 only) Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86 and x64) [3] Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64) [4] KB2676562 - Windows Kernel-Mode Drivers Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86, x64, and Itanium) Windows Server 2008 SP2 (x86 and x64 Server Core) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 and Itanium) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 Server Core) KB2686509 - Keyboard Layout Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Microsoft .NET Framework KB2656407 - Microsoft .NET Framework 3.0 SP2 Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86 and x64) KB2656409 - Microsoft .NET Framework 3.0 SP2 Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86 and x64) KB2656410 - Microsoft .NET Framework 3.5.1 Windows 7 for 32-bit Systems Windows 7 for x64-based Systems Windows Server 2008 R2 (x64) Windows Server 2008 R2 (x64 Server Core) KB2656411 - Microsoft .NET Framework 3.5.1 Windows 7 for 32-bit Systems SP1 Windows 7 for x64-based Systems SP1 Windows Server 2008 R2 SP1 (x64) Windows Server 2008 R2 SP1 (x64 Server Core) KB2656405 [1] - Microsoft .NET Framework 4 Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86 and x64) Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86 and x64) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64) Windows Server 2008 R2 SP1 (x64 Server Core) Microsoft Office KB2589337 - Microsoft Office 2010 and Office 2010 SP1 (x86 and x64) KB2596672 - Microsoft Office 2007 SP2 and SP3 KB2596792 - Microsoft Office 2007 SP2 and SP3 KB2598253 - Microsoft Office 2003 SP3 Microsoft Developer Tools and Software KB2690729 - Microsoft Silverlight 4 KB2636927 - Microsoft Silverlight 5 [1].NET Framework 4 and .NET Framework 4 Client Profile affected. The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. .NET Framework 4 Client Profile is a subset of .NET Framework 4. The vulnerability addressed in this update affects both .NET Framework 4 and .NET Framework 4 Client Profile. For more information, see the MSDN article, Installing the .NET Framework. [3]This update is only applicable for Windows Server 2008 systems when the optional Desktop Experience feature has been installed and enabled. See the update FAQ for details. [4]This update is only applicable for Windows Server 2008 R2 systems when the Ink Support component of the optional Ink and Handwriting Services feature has been installed and enabled. See the update FAQ for details. Verify the patches have been installed by checking that the following sample files are at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Microsoft Windows KB2658846 – DirectWrite Dwrite.dll Windows Vista SP2 / 2008 SP2 - 7.0.6002.18592 or 22807 Windows 7 / 2008 R2 - 6.1.7600.16972 or 21162 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17789 or 21935 KB2659262 - Windows GDI+ Gdiplus.dll Windows XP SP3 - 5.2.6002.22791 Windows XP Professional x64 Edition SP2 - 5.2.6002.22791 Windows Server 2003 SP2 - 5.2.6002.22791 Windows Vista SP2 / 2008 SP2 - 5.2.6002.18581 or 22795; 6.0.6002.18581 or 22795 Windows 7 / 2008 R2 - 5.2.7600.17007 or 21198; 6.1.7600.17007 or 21198 Windows 7 SP1 / 2008 R2 SP1 - 5.2.7601.17825 or 21977; 6.1.7601.17825 or 21977 KB2660649 - Windows Journal Jntfiltr.dll Windows XP SP3 (Tablet PC Edition 2005 SP3 only) - 1.7.2600.6189 Windows Vista SP2 / 2008 SP2 - 6.0.6002.18579 or 22789 Windows 7 / 2008 R2 - 6.1.7600.16988 or 21179 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17803 or 21955 KB2676562 - Windows Kernel-Mode Drivers Win32k.sys Windows XP SP3 - 5.1.2600.6206 Windows XP Professional x64 Edition SP2 - 5.2.3790.4980 Windows Server 2003 SP2 - 5.2.3790.4980 Windows Vista SP2 / 2008 SP2 - 6.0.6002.18607 or 22831 Windows 7 / 2008 R2 - 6.1.7600.16988 or 21179 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17803 or 21955 KB2686509 - Keyboard Layout Kblchecker.dll Windows XP SP3 - 5.1.2600.6211 Windows XP Professional x64 Edition SP2 - 5.2.3790.4985 Windows Server 2003 SP2 - 5.2.3790.4985 Microsoft .NET Framework KB2656407 - Microsoft .NET Framework 3.0 SP2 PresentationCore.dll - 3.0.6920.4021 or 5810 Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 KB2656409 - Microsoft .NET Framework 3.0 SP2 PresentationCore.dll - 3.0.6920.4213 or 5794 Windows Vista SP2 Windows Server 2008 SP2 KB2656410 - Microsoft .NET Framework 3.5.1 PresentationCore.dll - 3.0.6920.5005 or 5809 Windows 7 Windows Server 2008 R2 KB2656411 - Microsoft .NET Framework 3.5.1 PresentationCore.dll - 3.0.6920.5448 or 5794 Windows 7 SP1 Windows Server 2008 R2 SP1 KB2656405 - Microsoft .NET Framework 4 PresentationCore.dll - 4.0.30319.275 or 550 Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Vista SP2 Windows Server 2008 SP2 Windows 7 and Windows 7 SP1 Windows Server 2008 R2 and Windows Server 2008 R2 SP1 Microsoft Office KB2589337 - Microsoft Office 2010 and Office 2010 SP1 (x86 and x64) Ogl.dll - 14.0.6117.5001 KB2596672 - Microsoft Office 2007 SP2 and SP3 Ogl.dll - 12.0.6659.5000 KB2596792 - Microsoft Office 2007 SP2 and SP3 Mdigraph.dll - 12.3.6658.5001 KB2598253 - Microsoft Office 2003 SP3 GDIPLUS.DLL - 11.0.8345 Microsoft Developer Tools and Software KB2690729 - Microsoft Silverlight 4 Silverlight.exe - 4.1.10329 KB2636927 - Microsoft Silverlight 5 Silverlight.exe - 5.1.10411

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-32304

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check