Security Bulletins

Vulnerability in Windows Common Controls under active exploitation

Background

On April 11, 2012, Microsoft released patch MS12-027, which fixes a vulnerability in Windows Common Controls that, if exploited, could allow remote code execution. Active exploits of this vulnerability have already been seen in the wild.

Impact

On a computer running any of the affected platforms listed below, a malicious website can exploit this vulnerability to run code on the machine. Attackers have also leveraged this vulnerability in limited, targeted attacks by emailing a malicious RTF file to victims; when a victim opens the RTF in WordPad or Word, code execution is triggered in the context of the logged-on user.

Platforms Affected

  • Microsoft Office versions 2003, 2007, 2010
  • Microsoft SQL Server versions 2000, 2005, 2008, 2008 R2
  • Microsoft BizTalk Server 2002
  • Microsoft Commerce Server 2002, 2007, 2009, 2009 R2
  • Microsoft Visual FoxPro 8.0, 9.0
  • Visual Basic 6.0

Local Observations

Microsoft is aware of active attacks exploiting this vulnerability. There have been no reports of targeted attacks against IU.

UISO Recommendations

Microsoft Security Bulletin MS12-027 includes a patch that should be applied as soon as possible on every affected platform listed above.

For more on updating your Windows installation, see: What is Windows Update, and how do I use it to update my Windows installation?

Further Reading