Microsoft Patch Tuesday Coverage February 2012
Some quite interesting vulnerabilities this month, very weaponizable issues.
We highly recommend pushing patches and ET Pro signature detection asap!
| Bulletin | CVE | Title | Notes | ET Pro Coverage |
| MS12-008 | CVE-2012-1054 | Keyboard Layout User After Free Vulnerability | Local Only | Not IDS Coverable |
| MS12-008 | CVE-2011-5046 | GDI Access Violation Vulnerability | Difficult to Exploit | 2804510 |
| MS12-009 | CVE-2012-0148 | AfdPoll Elevation of Privilege Vulnerability | Local Only | Not IDS Coverable |
| MS12-009 | CVE-2012-0149 | Ancillary Function Driver Elevation of Privilege Vulnerability | Local Only | Not IDS Coverable |
| MS12-010 | CVE-2012-0011 | HtmlLayout Remote Code Execution Vulnerability | Exploitation Likely, HTML Driveby | 2804511 |
| MS12-010 | CVE-2012-0012 | Null Byte Information Disclosure Vulnerability | Information Disclosure Only | 2804521 |
| MS12-010 | CVE-2012-0155 | VML Remote Code Execution Vulnerability | Exploitation Likely, HTML Driveby | 2804511 |
| MS12-011 | CVE-2012-0017 | XSS in inplview.aspx | 2804512 | |
| MS12-011 | CVE-2012-0144 | XSS in themeweb.aspx | 2804513 | |
| MS12-011 | CVE-2012-0145 | XSS in wizardlist.aspx | 2804514 | |
| MS12-012 | CVE-2010-5082 | Color Control Panel (colorui.dll) Insecure Library Loading | Publicly Disclosed and Exploitable | 2804516-2804520 |
| MS12-013 | CVE-2012-0150 | Msvcrt.dll buffer overflow vulnerability | Exploitation Likely | 2804515 |
| MS12-014 | CVE-2010-3138 | Indeo Audio Codec Insecure Library Loading Vulnerability | Exploitation Likely, Publicly Disclosed | Previously Covered in 2801601 |
| MS12-015 | CVE-2012-0019 | VSD File Format Memory Corruption (2) | Exploitation Likely | Continuing Research |
| MS12-015 | CVE-2012-0020 | VSD File Format Memory Corruption (3) | Exploitation Likely | 2804523 (to be released) |
| MS12-015 | CVE-2012-0136 | VSD File Format Memory Corruption (4) | Difficult to Exploit | 2804524 (to be released) |
| MS12-015 | CVE-2012-0137 | VSD File Format Memory Corruption (5) | Difficult to Exploit | Continuing Research |
| MS12-015 | CVE-2012-0138 | VSD File Format Memory Corruption (6) | Difficult to Exploit | Continuing Research |
| MS12-016 | CVE-2012-0014 | .NET Framework Unmaged Objects Vulnerability | Exploitation Likely | 2804507 |
| MS12-016 | CVE-2012-0015 | .NET Framework Heap Corruption Vulnerability | Exploitation Likely | 2804508-2804509 |
