Microsoft released today six bulletins addressing several vulnerabilities for the month of April. Of note are the update patching Internet Explorer versions 6-9 and the update addressing the Windows Common Controls ActiveX control, which is used in a number of Microsoft programs such as MS Office.
This MSRC blog entry reports that there have already been some attacks using the MS12-027 vulnerability. While the report does not elaborate on these attacks, it states that attackers are using specially crafted MS Office documents to exploit this vulnerability. MS Office 2007 and MS Office 2010 users can actively protect their computers by disabling ActiveX controls via Trust Center Settings > ActiveX Settings. More details of this workaround are found in the MSRC blog.
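The following PowerShell script is an added example, not part of the original post or of any Microsoft or Trend Micro tooling: it audits whether the Trust Center ActiveX workaround is in effect for the current user's Office 2007 (12.0) and Office 2010 (14.0) installations, and can apply it. It assumes the setting is stored as the DisableAllActiveX DWORD under each version's Common\Security key, which is the policy value Office uses for "Disable all controls without notification".

```powershell
# Added example (not from the original post). Assumption: the Trust Center
# "Disable all controls without notification" choice is persisted as the
# DisableAllActiveX DWORD (1 = disabled) under HKCU\...\Common\Security.
$officeVersions = @{ '12.0' = 'Office 2007'; '14.0' = 'Office 2010' }

function Get-OfficeActiveXStatus {
    # Report, per installed Office version, whether ActiveX controls are disabled.
    foreach ($ver in $officeVersions.Keys) {
        $base = "HKCU:\Software\Microsoft\Office\$ver"
        if (-not (Test-Path $base)) { continue }   # version not present for this user
        $security = Join-Path $base 'Common\Security'
        $value = $null
        if (Test-Path $security) {
            $value = (Get-ItemProperty -Path $security -Name DisableAllActiveX `
                      -ErrorAction SilentlyContinue).DisableAllActiveX
        }
        [pscustomobject]@{
            Product           = $officeVersions[$ver]
            DisableAllActiveX = $value          # $null means the value was never set
            WorkaroundApplied = ($value -eq 1)
        }
    }
}

function Set-OfficeActiveXDisabled {
    # Apply the workaround for every installed Office 2007/2010 version.
    foreach ($ver in $officeVersions.Keys) {
        $base = "HKCU:\Software\Microsoft\Office\$ver"
        if (-not (Test-Path $base)) { continue }
        $security = Join-Path $base 'Common\Security'
        if (-not (Test-Path $security)) { New-Item -Path $security -Force | Out-Null }
        New-ItemProperty -Path $security -Name DisableAllActiveX -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
}

# Audit first; run Set-OfficeActiveXDisabled afterwards if WorkaroundApplied is False.
Get-OfficeActiveXStatus | Format-Table -AutoSize
```

Office reads this per-user value at startup, so any open Office application must be restarted before the change takes effect.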
Note that the vulnerability described in the MS12-027 bulletin also affects several versions of Visual FoxPro, Commerce Server, BizTalk Server, as well as SQL Server. It is highly recommended to apply updates whenever possible.
Bulletin MS12-023, on the other hand, provides protection from five identified vulnerabilities in Internet Explorer versions 6, 7, 8, and 9. This particular update takes a multi-layered approach to defending against the five vulnerabilities found in Internet Explorer. More information on the said vulnerabilities can be found in this Threat Encyclopedia page.
Trend Micro Deep Security users are protected from attacks using MS12-023 by applying the following rules:
- 1004970 – Microsoft Internet Explorer ‘OnReadyStateChange’ Remote Code Execution Vulnerability (CVE-2012-0170)
- 1004971 – VML Style Remote Code Execution Vulnerability (CVE-2012-0172)
- 1004975 – Microsoft Internet Explorer ‘selectAll’ Remote Code Execution Vulnerability (CVE-2012-0171)
In addition, Deep Security also protects users from exploits using MS12-027 via 1004973 – MSCOMCTL.OCX RCE Vulnerability (CVE-2012-0158) and 1004977 – Microsoft Windows MSCOMCTL.OCX Remote Code Execution Vulnerability (CVE-2012-0158). Moreover, Deep Security provides a layer of protection for systems that cannot be patched or updated right away. Through its vulnerability shielding feature, systems hosting critical applications or legacy systems that cannot be updated immediately are protected from attacks using any of the vulnerabilities mentioned.
A complete list of rules for this month’s patches is found in this Threat Encyclopedia page.