The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important.

All of the critical bulletins address vulnerabilities where a victim could be exploited if they visit malicious web pages, and should serve as a warning that organizations will continue to face client-side browser related attacks.

MS12-043 addresses a vulnerability that is currently being exploited in the wild, and Microsoft predicts that MS12-044 and MS12-045 could also have reliable exploit code available within 30 days.

Exploits targeting these vulnerabilities will likely be added to mass malware kits such as the Blackhole Exploit Kit once reliable exploit code is available.

MS12-043 addresses the CVE-2012-1889 vulnerability that is actively being exploited in the wild. Organizations should be aware that this update only patches MSXML versions 3, 4, and 6. All active exploitation has been leveraging attacks against MSXML version 3.

MSXML version 5 will be addressed in a future security update, which means organizations should apply the interim fix provided with Microsoft Knowledge Base Article 2719615 in the meantime.

MS12-044 is a critical cumulative Security Update for Internet Explorer. This is a critical bulletin that patches vulnerabilities that only affect Internet Explorer version 9. Since Internet Explorer versions 6, 7, and 8 are not affected, it indicates that this is a new vulnerability introduced with the new code base of version 9.

MS12-045 is a critical bulletin that patches vulnerabilities in Microsoft Data Access Components (MDAC). It appears that this vulnerability could be used to compromise any application that leverages MDAC, if the victim visits a malicious URL.

The three critical bulletins should be tested and patched as soon as possible. Of the important bulletins, MS12-046 and MS12-048 should be next on everyone's “Must Patch” list. MS12-046 and MS12-048 can both exploit victims who navigate to malicious WebDAV or SMB shares and opens malicious files in the malicious directory. These two bulletins are primed for spear phishing attacks.

MS12-046 addresses a DLL Preloading vulnerability related to Visual Basic for Applications [VBA]. There are targeted attacks in the wild that are exploiting this vulnerability. In regards to MS12-048, Microsoft predicts reliable exploit code will be developed within 30 days.

After MS12-046 and MS12-048 businesses can focus on the rest of the bulletins.


Author: Marcus Carey, security researcher at Rapid7.