[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (English)'
autonotify at us.ibm.com
Fri Jun 15 02:00:46 PDT 2012
Fixlet Site - 'Patches for Windows (English)'
Current Version: 1615 Published: Thu, 14 Jun 2012 20:54:10 GMT
New Fixlets:
============
***************************************************************
Title: MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution - Windows 7 Gold/SP1 (KB2667402) - V2.0
Severity: Critical
Fixlet ID: 1202047
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-020
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution - Windows 7 Gold/SP1 (KB2667402) (x64) - V2.0
Severity: Critical
Fixlet ID: 1202051
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-020
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution - Windows Server 2008 R2 Gold/SP1 (KB2667402) (x64) - V2.0
Severity: Critical
Fixlet ID: 1202055
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-020
Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 1.0 SP3 - Tablet PC/Media Center Edition - V2.0
Severity: Critical
Fixlet ID: 1202529
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 1.0 SP3 - Tablet PC/Media Center Edition - V2.0 - CORRUPT PATCH
Severity: Critical
Fixlet ID: 1202530
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 1.1 SP1 - Windows XP SP2 / 2003 SP2 / Vista SP2 / 2008 SP2 (x64) - V2.0
Severity: Critical
Fixlet ID: 1202531
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 1.1 SP1 - Windows XP SP3 / Vista SP2 / 2008 SP2 - V2.0
Severity: Critical
Fixlet ID: 1202555
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 - Windows XP SP3 / 2003 SP2 - V2.0
Severity: Critical
Fixlet ID: 1202557
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 4 - Windows XP SP3 / 2003 SP2 / Vista SP2 / 2008 SP2 / 7 Gold/SP1 - V2.0
Severity: Critical
Fixlet ID: 1202559
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 - Windows XP SP2 / 2003 SP2 (x64) - V2.0
Severity: Critical
Fixlet ID: 1202561
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 4 - Windows XP SP2 / 2003 SP2 / Vista SP2 / 2008 SP2 / 7 Gold/SP1 / 2008 R2 Gold/SP1 (x64) - V2.0
Severity: Critical
Fixlet ID: 1202563
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 1.1 SP1 - Windows Server 2003 SP2 - V2.0
Severity: Critical
Fixlet ID: 1202565
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 - Windows Vista SP2 / 2008 SP2 - V2.0
Severity: Critical
Fixlet ID: 1202567
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 2.0 SP2 - Windows Vista SP2 / 2008 SP2 (x64) - V2.0
Severity: Critical
Fixlet ID: 1202569
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 Gold - V2.0
Severity: Critical
Fixlet ID: 1202571
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 SP1 - V2.0
Severity: Critical
Fixlet ID: 1202573
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 / 2008 R2 Gold (x64) - V2.0
Severity: Critical
Fixlet ID: 1202575
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5.1 - Windows 7 SP1 / 2008 R2 SP1 (x64) - V2.0
Severity: Critical
Fixlet ID: 1202577
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-025
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege - Dynamics AX 2012 Enterprise Portal (KB2706738)
Severity: Important
Fixlet ID: 1204001
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-040
Fixlet Description: Important Note: The relevance in this audit-only Fixlet may detect false positives due to incomplete information from Microsoft at this time.
Important Note: Selecting the first action will change this Fixlet's applicability on relevant systems to false by adding a custom registry key to these systems. To undo this action, the user will need to create a custom Fixlet to remove this registry key.
Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft Dynamics AX Enterprise Portal. The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL or visits a specially crafted website. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message that contains the specially crafted URL to the user of the targeted Microsoft Dynamics AX Enterprise Portal site and by convincing the user to click the specially crafted URL. Internet Explorer 8 and Internet Explorer 9 users browsing to a Microsoft Dynamics AX Enterprise Portal site in the Internet Zone are at a reduced risk. By default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack in the Internet Zone. However, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege - Dynamics AX 2012 Enterprise Portal (KB2710639)
Severity: Important
Fixlet ID: 1204003
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-040
Fixlet Description: Important Note: The relevance in this audit-only Fixlet may detect false positives due to incomplete information from Microsoft at this time.
Important Note: Selecting the first action will change this Fixlet's applicability on relevant systems to false by adding a custom registry key to these systems. To undo this action, the user will need to create a custom Fixlet to remove this registry key.
Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft Dynamics AX Enterprise Portal. The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL or visits a specially crafted website. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message that contains the specially crafted URL to the user of the targeted Microsoft Dynamics AX Enterprise Portal site and by convincing the user to click the specially crafted URL. Internet Explorer 8 and Internet Explorer 9 users browsing to a Microsoft Dynamics AX Enterprise Portal site in the Internet Zone are at a reduced risk. By default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack in the Internet Zone. However, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.
***************************************************************
Title: MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege - Dynamics AX 2012 Enterprise Portal (KB2711239)
Severity: Important
Fixlet ID: 1204005
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS12-040
Fixlet Description: Microsoft has released a security update that resolves one privately reported vulnerability in Microsoft Dynamics AX Enterprise Portal. The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL or visits a specially crafted website. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message that contains the specially crafted URL to the user of the targeted Microsoft Dynamics AX Enterprise Portal site and by convincing the user to click the specially crafted URL. Internet Explorer 8 and Internet Explorer 9 users browsing to a Microsoft Dynamics AX Enterprise Portal site in the Internet Zone are at a reduced risk. By default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack in the Internet Zone. However, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
Important Note: Due to the complexity of this update, installation of the update must be completed manually.
Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.