While seven bulletins from Microsoft is generally a “light” release, bulletin MS12-034 surprisingly addresses a number of vulnerabilities found in the Windows operating system, MS Office, Silverlight, and .NET Framework. Of note, Microsoft mentions that this particular bulletin supersedes MS11-087, the bulletin meant to address the Win32k TrueType Font (TTF) vulnerability that was used by the DUQU malware back in November 2011. Read more on the DUQU attack in this Threat Encyclopedia page.
As elaborated in the Microsoft blog post, MS12-034 lists down several versions of affected software as the TTF vulnerability also directly or indirectly affects these software. Trend Micro Deep Security users can apply rules 1005009 – Win23k TrueType Font Parsing Vulnerability (CVE-2012-0159) and 1005009 – .NET Framework Buffer Allocation Vulnerability (CVE-2012-0162) to ensure protection from attacks that might use these vulnerabilities. More information on patched MS vulnerabilities this month are found here in the Threat Encyclopedia.
In other vulnerability news, Oracle issued a security alert that brings to attention a vulnerability in TNS listener, which is found in several versions of the Oracle Database Server. Oracle recommends to its customers to apply workarounds found in their customer portal. The vulnerable component also affects other Oracle products such as the Oracle E-Business Suite. Trend Micro Deep Security users are protected from attacks that might use this particular vulnerability by applying rule 1004995 – Oracle Database TNS Listener Poison Attack Vulnerability.
Lastly, Adobe released a security update for Adobe Flash Player for Windows, Macintosh, Linux, and Android operating systems. As of this writing, Trend Micro is investigating attacks that are actively using CVE-2012-0779, which is addressed by Adobe’s security update. Applying rule 1005000 – Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779) ensures protection from exploits using CVE-2012-0779.
Update as of May 11, 2012, 7:55 AM PST
The following additional Deep Security rules have been issued to ensure protection against attacks using some of the aforementioned vulnerabilities:
- 1005019 – Restrict Microsoft Office File With Linked SWF has been added to protect against attacks using the vulnerability in CVE-2012-0779
- 1004997 – Detected Too Many Oracle TNS Service Register Requests has been added to protect again attacks using the vulnerability in CVE-2012-1675
