Check: 2012-A-0060
Windows 7 IAVM: 2012-A-0060 (in version v1 r32)
Title
Microsoft Windows Remote Code Execution Vulnerability (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing a remote code execution vulnerability in the Windows Authenticode Signature Verification (WinVerifyTrust) function in Microsoft Windows. The WinVerifyTrust function performs two actions on a specified object: signature checking and trust verification. To exploit this vulnerability, an attacker would modify an existing signed PE file to include malicious code without invalidating the signature, and entice a user to run or install the malicious file sent via email or hosted on a web site. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code, resulting in the complete compromise of affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-024 (2653956).

Vulnerable Applications/Systems:

- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2 (x86, x64 and Itanium)
- Windows Vista SP2 (x86 and x64)
- Windows Server 2008 SP2 (x86*, x64*, and Itanium)
- Windows 7 and Windows 7 SP1 (x86 and x64)
- Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64* and Itanium)

*Server Core installation affected.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

Wintrust.dll

Operating system | Version |
---|---|
Windows XP SP3 | 5.131.2600.6198 |
Windows XP SP2 x64 | 5.131.3790.4970 |
Windows 2003 SP2 | 5.131.3790.4970 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18592 or 22806 |
Windows 7 / 2008 R2 | 6.1.7600.16970 or 21160 |
Windows 7 SP1 / 2008 R2 SP1 | 6.1.7601.17787 or 21933 |
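One way to script the file-version check above, as an added example that is not part of the IAVM notice or the vendor bulletin. It assumes that the two revisions listed for a build are the minimums for its two servicing branches (GDR first, LDR second) and that the `LdrFloor` values mark where each build's LDR numbering begins; `Test-WintrustVersion` and `$Baseline` are hypothetical names.

```powershell
# Added example, not part of the IAVM check text. Written for PowerShell 2.0+.
# Minimum Wintrust.dll revisions from the check content, keyed by Major.Minor.Build.
# Assumption: Gdr/Ldr are the two listed revisions read as per-branch minimums, and
# LdrFloor is the first revision of that build's LDR range (not stated on the page).
$Baseline = @{
    '5.131.2600' = @{ Gdr = 6198 }                                  # Windows XP SP3
    '5.131.3790' = @{ Gdr = 4970 }                                  # XP SP2 x64 / 2003 SP2
    '6.0.6002'   = @{ Gdr = 18592; Ldr = 22806; LdrFloor = 22000 }  # Vista SP2 / 2008 SP2
    '6.1.7600'   = @{ Gdr = 16970; Ldr = 21160; LdrFloor = 20000 }  # 7 / 2008 R2
    '6.1.7601'   = @{ Gdr = 17787; Ldr = 21933; LdrFloor = 21000 }  # 7 SP1 / 2008 R2 SP1
}

function Test-WintrustVersion {   # hypothetical helper name
    param([Parameter(Mandatory=$true)][System.Version]$FileVersion)

    $key   = '{0}.{1}.{2}' -f $FileVersion.Major, $FileVersion.Minor, $FileVersion.Build
    $entry = $Baseline[$key]
    if (-not $entry) {
        # Build not listed in this check (other OS or service pack): give no verdict.
        return New-Object psobject -Property @{
            Version = "$FileVersion"; Branch = 'n/a'; Minimum = $null; Result = 'NotListed' }
    }
    # Decide which branch the file belongs to, then compare within that branch only.
    $isLdr   = $entry.ContainsKey('LdrFloor') -and $FileVersion.Revision -ge $entry.LdrFloor
    $branch  = if ($isLdr) { 'LDR' } else { 'GDR' }
    $minimum = if ($isLdr) { $entry.Ldr } else { $entry.Gdr }
    $result  = if ($FileVersion.Revision -ge $minimum) { 'Patched' } else { 'Open' }
    New-Object psobject -Property @{
        Version = "$FileVersion"; Branch = $branch; Minimum = $minimum; Result = $result }
}

# Read the version resource of the installed file. The numeric *Part properties are
# used because the FileVersion string can carry extra text after the number.
$path = Join-Path $env:SystemRoot 'System32\wintrust.dll'
$vi   = (Get-Item -LiteralPath $path).VersionInfo
$installed = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart,
                                       $vi.FileBuildPart, $vi.FilePrivatePart
Test-WintrustVersion -FileVersion $installed

# Constructed sample: an LDR-branch file below 22806 is reported Open even though
# its revision is numerically greater than the GDR minimum 18592.
Test-WintrustVersion -FileVersion '6.0.6002.22500'
```

A plain "version at or above the first listed number" comparison would mark the constructed 6.0.6002.22500 sample as patched, which is why the branch is resolved before the comparison.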
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-31983
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |