This bulletin summary lists security bulletins released for March 2012.
With the release of the security bulletins for March 2012, this bulletin summary replaces the bulletin advance notification originally issued March 8, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|
| MS12-020 | Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. | Critical Remote Code Execution |
Requires restart | Microsoft Windows |
| MS12-017 | Vulnerability in DNS Server Could Allow Denial of Service (2647170)This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server. | Important Denial of Service |
Requires restart | Microsoft Windows |
| MS12-018 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
| MS12-021 | Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | Important Elevation of Privilege |
May require restart | Microsoft Visual Studio |
| MS12-022 | Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Expression Design could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .xpr or .DESIGN file) from this location that is then loaded by a vulnerable application. | Important Remote Code Execution |
May require restart | Microsoft Expression Design |
| MS12-019 | Vulnerability in DirectWrite Could Allow Denial of Service (2665364)This security update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messager-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. The target application could become unresponsive when DirectWrite renders the specially crafted sequence of Unicode characters. | Moderate Denial of Service |
May require restart | Microsoft Windows |
Advanced Network Consulting has been providing Information Technology consulting solutions for Southern California business for almost 20 years.
Specializing in deploying Microsoft based solutions for small and medium business in LA and Orange County, we offer years of expertise in Windows Servers, Exchange, SQL Server as well as a deep knowledge or general networking. Advanced Network Consulting is your one stop computer consulting solution provider. From network cabling and office relocation’s, server, desktop and laptop installations to staff training, troubleshooting, upgrades and everything in between, Advanced Network Consulting can provide the solution your business is looking for.