
Wednesday, 12 December 2012

Microsoft Security Bulletin MS12-043 - Critical

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

General Information

Executive Summary

This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.
This security update is rated Critical for Microsoft XML Core Services 3.0, Microsoft XML Core Services 4.0, and Microsoft XML Core Services 6.0 on all supported editions of Windows XP, Windows Vista, and Windows 7; Critical for Microsoft XML Core Services 4.0 when installed on all supported editions of Windows 8; Critical for Microsoft XML Core Services 5.0 when installed with all supported editions of Microsoft Office 2003, Microsoft Office 2007, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Office SharePoint Server 2007, Microsoft Groove 2007, and Microsoft Groove Server 2007; Moderate for Microsoft XML Core Services 3.0, 4.0, and 6.0 on all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2; and Moderate for Microsoft XML Core Services 4.0 when installed on all supported editions of Windows Server 2012. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that MSXML initializes objects in memory before use. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 2719615.
Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.
Known Issues. Microsoft Knowledge Base Article 2722479 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues. When currently known issues and recommended solutions pertain only to specific releases of this software, this article provides links to further articles.

Affected and Non-Affected Software

The following software has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.
Affected Software
Windows Operating Systems and Components
Operating System | Component | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced
Windows XP
Windows XP Service Pack 3 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | KB2079403 in MS10-051 replaced by KB2719985
Windows XP Service Pack 3 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows XP Service Pack 3 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | KB954459 in MS08-069 replaced by KB2719985
Windows XP Professional x64 Edition Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | KB2079403 in MS10-051 replaced by KB2719985
Windows XP Professional x64 Edition Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows XP Professional x64 Edition Service Pack 2 | Microsoft XML Core Services 6.0 (KB2721693) | Remote Code Execution | Critical | KB954459 in MS08-069 replaced by KB2721693
Windows Server 2003
Windows Server 2003 Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2003 Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2003 Service Pack 2 | Microsoft XML Core Services 6.0 (KB2721693) | Remote Code Execution | Moderate | KB954459 in MS08-069 replaced by KB2721693
Windows Server 2003 x64 Edition Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2003 x64 Edition Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2003 x64 Edition Service Pack 2 | Microsoft XML Core Services 6.0 (KB2721693) | Remote Code Execution | Moderate | KB954459 in MS08-069 replaced by KB2721693
Windows Server 2003 with SP2 for Itanium-based Systems | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2003 with SP2 for Itanium-based Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2003 with SP2 for Itanium-based Systems | Microsoft XML Core Services 6.0 (KB2721693) | Remote Code Execution | Moderate | KB954459 in MS08-069 replaced by KB2721693
Windows Vista
Windows Vista Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | KB2079403 in MS10-051 replaced by KB2719985
Windows Vista Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows Vista Service Pack 2 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows Vista x64 Edition Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | KB2079403 in MS10-051 replaced by KB2719985
Windows Vista x64 Edition Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows Vista x64 Edition Service Pack 2 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows 7
Windows 7 for 32-bit Systems | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | KB2079403 in MS10-051 replaced by KB2719985
Windows 7 for 32-bit Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows 7 for 32-bit Systems | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows 7 for x64-based Systems | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | KB2079403 in MS10-051 replaced by KB2719985
Windows 7 for x64-based Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows 7 for x64-based Systems | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows 7 for x64-based Systems Service Pack 1 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows 7 for x64-based Systems Service Pack 1 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | KB954430 in MS08-069 replaced by KB2721691
Windows 7 for x64-based Systems Service Pack 1 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Critical | No updates replaced by KB2719985
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2008 R2 for x64-based Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 R2 for x64-based Systems | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 R2 for Itanium-based Systems | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | KB2079403 in MS10-051 replaced by KB2719985
Windows Server 2008 R2 for Itanium-based Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 R2 for Itanium-based Systems | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft XML Core Services 3.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | KB954430 in MS08-069 replaced by KB2721691
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft XML Core Services 6.0 (KB2719985) | Remote Code Execution | Moderate | No updates replaced by KB2719985
Windows 8
Windows 8 for 32-bit Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | None
Windows 8 for 64-bit Systems | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Critical | None
Windows Server 2012
Windows Server 2012 | Microsoft XML Core Services 4.0 (KB2721691) | Remote Code Execution | Moderate | None

Microsoft Office Suites and Software
Office Software | Component | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced
Microsoft Office Suites and Components
Microsoft Office 2003 Service Pack 3 | Microsoft XML Core Services 5.0 [1] (KB2687627) | Remote Code Execution | Critical | KB951535 in MS08-069 replaced by KB2687324 or KB2687627
Microsoft Office 2007 Service Pack 2 | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | None
Microsoft Office 2007 Service Pack 3 | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | None
Other Microsoft Office Software
Microsoft Office Word Viewer | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | None
Microsoft Office Compatibility Pack Service Pack 2 | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | None
Microsoft Office Compatibility Pack Service Pack 3 | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | None
Microsoft Groove 2007 Service Pack 2 | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None
Microsoft Groove 2007 Service Pack 3 | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None

[1] Although the rereleased update (KB2687627) replaces the original update (KB2687324) for Microsoft Office 2003 Service Pack 3, customers who have successfully installed the KB2687324 update do not need to install the KB2687627 update. For more information, see the update FAQ.
[2] Although the rereleased update (KB2687497) replaces the original update (KB2596679) for Microsoft Groove 2007 Service Pack 2 and Microsoft Groove 2007 Service Pack 3, customers who have successfully installed the KB2596679 update do not need to install the KB2687497 update. For more information, see the update FAQ.

Microsoft Developer Tools and Software
Software | Component | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced
Microsoft Expression Web Service Pack 1 | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | None
Microsoft Expression Web 2 | Microsoft XML Core Services 5.0 (KB2596856) | Remote Code Execution | Critical | KB951550 in MS08-069 replaced by KB2596856

Microsoft Server Software
Software | Component | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions) | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions) | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None
Microsoft Office SharePoint Server 2007 Service Pack 3 (32-bit editions) | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None
Microsoft Office SharePoint Server 2007 Service Pack 3 (64-bit editions) | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None
Microsoft Groove Server 2007 Service Pack 2 | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None
Microsoft Groove Server 2007 Service Pack 3 | Microsoft XML Core Services 5.0 [2] (KB2687497) | Remote Code Execution | Critical | None

[2] Although the rereleased update (KB2687497) replaces the original update (KB2596679) for affected editions of Microsoft Office SharePoint Server 2007 and Microsoft Groove Server 2007, customers who have successfully installed the KB2596679 update do not need to install the KB2687497 update. For more information, see the update FAQ.

Friday, 7 December 2012

Microsoft Security Bulletin Advance Notification for December 2012

Affected Software

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier.

Windows Operating System and Components
Windows XP
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 5 | Bulletin 6 | Bulletin 7
Aggregate Severity Rating | None | Critical | Critical | Important | None
Windows XP Service Pack 3 | Internet Explorer 6 (No severity rating); Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating) | Windows XP Service Pack 3 (Critical) | Windows XP Service Pack 3 (Critical) | Windows XP Service Pack 3 (Important) | Not applicable
Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 6 (No severity rating); Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating) | Windows XP Professional x64 Edition Service Pack 2 (Critical) | Windows XP Professional x64 Edition Service Pack 2 (Critical) | Windows XP Professional x64 Edition Service Pack 2 (Important) | Not applicable
Windows Server 2003
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 5 | Bulletin 6 | Bulletin 7
Aggregate Severity Rating | None | Critical | Critical | Important | None
Windows Server 2003 Service Pack 2 | Internet Explorer 6 (No severity rating); Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating) | Windows Server 2003 Service Pack 2 (Critical) | Windows Server 2003 Service Pack 2 (Critical) | Windows Server 2003 Service Pack 2 (Important) | Not applicable
Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 (No severity rating); Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating) | Windows Server 2003 x64 Edition Service Pack 2 (Critical) | Windows Server 2003 x64 Edition Service Pack 2 (Critical) | Windows Server 2003 x64 Edition Service Pack 2 (Important) | Not applicable
Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 (No severity rating); Internet Explorer 7 (No severity rating) | Windows Server 2003 with SP2 for Itanium-based Systems (Critical) | Windows Server 2003 with SP2 for Itanium-based Systems (Critical) | Windows Server 2003 with SP2 for Itanium-based Systems (Important) | Not applicable
Windows Vista
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 5 | Bulletin 6 | Bulletin 7
Aggregate Severity Rating | Critical | Critical | Critical | Important | None
Windows Vista Service Pack 2 | Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating); Internet Explorer 9 (Critical) | Windows Vista Service Pack 2 (Critical) | Windows Vista Service Pack 2 (Critical) | Windows Vista Service Pack 2 (Important) | Not applicable
Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating); Internet Explorer 9 (Critical) | Windows Vista x64 Edition Service Pack 2 (Critical) | Windows Vista x64 Edition Service Pack 2 (Critical) | Windows Vista x64 Edition Service Pack 2 (Important) | Not applicable
Windows Server 2008
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 5 | Bulletin 6 | Bulletin 7
Aggregate Severity Rating | Moderate | Critical | Critical | Important | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating); Internet Explorer 9 (Moderate) | Windows Server 2008 for 32-bit Systems Service Pack 2 (Critical) | Windows Server 2008 for 32-bit Systems Service Pack 2 (Critical) | Windows Server 2008 for 32-bit Systems Service Pack 2 (Important) | Not applicable
Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7 (No severity rating); Internet Explorer 8 (No severity rating); Internet Explorer 9 (Moderate) | Windows Server 2008 for x64-based Systems Service Pack 2 (Critical) | Windows Server 2008 for x64-based Systems Service Pack 2 (Critical) | Windows Server 2008 for x64-based Systems Service Pack 2 (Important) | Not applicable
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 (No severity rating) | Windows Server 2008 for Itanium-based Systems Service Pack 2 (Critical) | Windows Server 2008 for Itanium-based Systems Service Pack 2 (Critical) | Windows Server 2008 for Itanium-based Systems Service Pack 2 (Important) | Not applicable
Windows 7
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 5 | Bulletin 6 | Bulletin 7
Aggregate Severity Rating | Critical | Critical | Critical | Important | None
Windows 7 for 32-bit Systems | Internet Explorer 8 (No severity rating); Internet Explorer 9 (Critical) | Windows 7 for 32-bit Systems (Critical) | Windows 7 for 32-bit Systems (Critical) | Windows 7 for 32-bit Systems (Important) | Not applicable
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 (No severity rating); Internet Explorer 9 (Critical) | Windows 7 for 32-bit Systems Service Pack 1 (Critical) | Windows 7 for 32-bit Systems Service Pack 1 (Critical) | Windows 7 for 32-bit Systems Service Pack 1 (Important) | Not applicable
Windows 7 for x64-based Systems | Internet Explorer 8 (No severity rating); Internet Explorer 9 (Critical) | Windows 7 for x64-based Systems (Critical) | Windows 7 for x64-based Systems (Critical) | Windows 7 for x64-based Systems (Important) | Not applicable
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 (No severity rating); Internet Explorer 9 (Critical) | Windows 7 for x64-based Systems Service Pack 1 (Critical) | Windows 7 for x64-based Systems Service Pack 1 (Critical) | Windows 7 for x64-based Systems Service Pack 1 (Important) | Not applicable
Windows Server 2008 R2
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 5 | Bulletin 6 | Bulletin 7
Aggregate Severity Rating | Moderate | Critical | Critical | Important | Important
Windows Server 2008 R2 for x64-based Systems | Internet Explorer 8 (No severity rating); Internet Explorer 9 (Moderate) | Windows Server 2008 R2 for x64-based Systems (Critical) | Windows Server 2008 R2 for x64-based Systems (Critical) | Windows Server 2008 R2 for x64-based Systems (Important) | Windows Server 2008 R2 for x64-based Systems (Important)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8 (No severity rating); Internet Explorer 9 (Moderate) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Critical) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Critical) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important)
Windows Server 2008 R2 for Itanium-based Systems | Internet Explorer 8 (No severity rating) | Windows Server 2008 R2 for Itanium-based Systems (Critical) | Windows Server 2008 R2 for Itanium-based Systems (Critical) | Windows Server 2008 R2 for Itanium-based Systems (Important) | Windows Server 2008 R2 for Itanium-based Systems (Important)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 (No severity rating) | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Critical) | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Critical) | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Important) | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Important)

Tuesday, 27 November 2012

Vulnerability Summary for the Week of November 19, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- coldfusion | Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors. | 2012-11-20 | 7.1 | CVE-2012-5674
agilefleet -- fleetcommander | Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2012-11-18 | 7.5 | CVE-2012-4941
agilefleet -- fleetcommander | Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions. | 2012-11-18 | 7.5 | CVE-2012-4943
agilefleet -- fleetcommander | Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page. | 2012-11-18 | 7.5 | CVE-2012-4944
agilefleet -- fleetcommander | Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue. | 2012-11-18 | 7.5 | CVE-2012-4945
apple -- cups | CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | 2012-11-19 | 7.2 | CVE-2012-5519
flashtux -- weechat | Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded. | 2012-11-19 | 7.5 | CVE-2012-5854
gegl -- gegl | Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow. | 2012-11-18 | 7.5 | CVE-2012-4433
havalite -- cms | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | 2012-11-17 | 7.5 | CVE-2012-5894
ibm -- websphere_datapower_xc10_appliance | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. | 2012-11-23 | 7.8 | CVE-2012-5758
ibm -- websphere_datapower_xc10_appliance | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors. | 2012-11-23 | 9.0 | CVE-2012-5759
irods -- irods | Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors. | 2012-11-17 | 10.0 | CVE-2012-5895
mozilla -- firefox | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. | 2012-11-21 | 9.3 | CVE-2012-4202
mozilla -- firefox | The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4204
mozilla -- firefox | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. | 2012-11-21 | 9.3 | CVE-2012-4210
mozilla -- firefox | Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4212
mozilla -- firefox | Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4213
mozilla -- firefox | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. | 2012-11-21 | 10.0 | CVE-2012-4214
mozilla -- firefox | Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4215
mozilla -- firefox | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4216
mozilla -- firefox | Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4217
mozilla -- firefox | Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-4218
mozilla -- firefox | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. | 2012-11-21 | 10.0 | CVE-2012-5833
mozilla -- firefox | Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. | 2012-11-21 | 10.0 | CVE-2012-5835
mozilla -- firefox | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. | 2012-11-21 | 10.0 | CVE-2012-5836
mozilla -- firefox | The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. | 2012-11-21 | 10.0 | CVE-2012-5838
mozilla -- firefox | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | 2012-11-21 | 10.0 | CVE-2012-5839
mozilla -- firefox | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. | 2012-11-21 | 10.0 | CVE-2012-5840
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2012-11-21 | 10.0 | CVE-2012-5842
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2012-11-21 | 10.0 | CVE-2012-5843
munin-monitoring -- munin | Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. | 2012-11-21 | 7.2 | CVE-2012-3512
munin-monitoring -- munin | munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. | 2012-11-21 | 9.3 | CVE-2012-3513
mybb -- mybb | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | 2012-11-17 | 7.5 | CVE-2012-5909
novell -- file_reporter | Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. | 2012-11-18 | 10.0 | CVE-2012-4956
novell -- file_reporter | Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. | 2012-11-18 | 7.8 | CVE-2012-4957
novell -- file_reporter | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | 2012-11-18 | 7.8 | CVE-2012-4958
novell -- file_reporter | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | 2012-11-18 | 10.0 | CVE-2012-4959
    nvidia -- unix_graphic_driver NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0. 2012-11-19 7.2 CVE-2012-4225
    pico -- picopublisher Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. 2012-11-17 7.5 CVE-2012-5912
    quest -- intrust The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer." 2012-11-17 10.0 CVE-2012-5896
    samedia -- landshop Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. 2012-11-17 7.5 CVE-2012-5900
    sinapsitech -- esolar_duo_photovoltaic_system_monitor Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php. 2012-11-23 7.5 CVE-2012-5861
    sinapsitech -- esolar_duo_photovoltaic_system_monitor login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64. 2012-11-23 10.0 CVE-2012-5862
    sinapsitech -- esolar_duo_photovoltaic_system_monitor ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter. 2012-11-23 10.0 CVE-2012-5863
    sinapsitech -- esolar_duo_photovoltaic_system_monitor The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php. 2012-11-23 10.0 CVE-2012-5864

Friday, 23 November 2012

Security Advisories for Firefox

Impact key:
  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

Fixed in Firefox 17

MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSandbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

Fixed in Firefox 16.0.2

MFSA 2012-90 Fixes for Location object issues

Fixed in Firefox 16.0.1

MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

Fixed in Firefox 16

MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-78 Reader Mode pages have chrome privileges
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistence allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

Wednesday, 7 November 2012

Microsoft Security Advisory (2755801) - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Version: 4.0

General Information

Executive Summary

Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.

Mitigating Factors

Workarounds

Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.
  • Prevent Adobe Flash Player from running
    You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.
    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    To set the kill bit for the control in the registry, perform the following steps:
    1. Paste the following into a text file and save it with the .reg file extension.

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      "Compatibility Flags"=dword:00000400
    2. Double-click the .reg file to apply it to an individual system.

      You can also apply it across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.
    Note You must restart Internet Explorer for your changes to take effect.
    Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer.
    How to undo the workaround. Delete the registry keys that were added in implementing this workaround.
  • Prevent Adobe Flash Player from running on Internet Explorer 10 through Group Policy on Windows 8 and Windows Server 2012
    Note The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:
    Group Policy Overview
    What is Group Policy Object Editor?
    Core Group Policy tools and settings
    To disable Adobe Flash Player in Internet Explorer 10 through Group Policy on Windows 8 and Windows Server 2012, perform the following steps:
    Note This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.
    1. Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.
    2. Navigate to the following node:

      Administrative Templates - Windows Components - Internet Explorer - Security Features - Add-on Management
    3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects.
    4. Change the setting to Enabled.
    5. Click Apply and then click OK to return to the Group Policy Management Console.
    6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.
  • Prevent Adobe Flash Player from running in Office 2010 on Windows 8 and Windows Server 2012
    Note This workaround does not prevent Adobe Flash Player from running in Internet Explorer.
    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.
    To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:
    1. Create a text file named Disable_Flash.reg with the following contents:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      "Compatibility Flags"=dword:00000400
    2. Double-click the .reg file to apply it to an individual system.
      Note You must restart Internet Explorer for your changes to take effect.
      You can also apply it across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.
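    The two .reg files above (the Internet Explorer kill bit and the Office 2010 kill bit) are easy to apply by hand but hard to audit across a fleet. The script below is an added example and is not part of the Microsoft advisory: it reports whether the 0x400 kill bit is present for the Flash CLSID in each of the three registry locations the workarounds name, and can apply or undo the setting. The CLSID and the 0x400 value come from the advisory; the function and parameter names (`Test-KillBit`, `Set-KillBit`, `Remove-KillBit`, `-Apply`, `-Undo`) are this example's own. It must run from an elevated PowerShell because it writes under HKLM.

```powershell
<#
  Added example, not from the Microsoft advisory: audit, apply or undo the
  Adobe Flash Player kill bit in the three registry locations the workarounds
  name (IE native view, IE WOW64 view, Office 2010). The CLSID and the 0x400
  Compatibility Flags value are the advisory's; everything else is assumed.
  Usage:  .\Flash-KillBit.ps1            (audit only)
          .\Flash-KillBit.ps1 -Apply     (set the kill bit, then audit)
          .\Flash-KillBit.ps1 -Undo      (delete the keys, then audit)
#>
[CmdletBinding()]
param(
    [switch]$Apply,   # set the kill bit (default is audit only)
    [switch]$Undo     # remove the keys the workaround added
)

$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
$KillBit    = 0x400   # "Compatibility Flags"=dword:00000400 in the advisory

$KillBitKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid",
    "HKLM:\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\$FlashClsid"
)
# The Wow6432Node view only exists on 64-bit Windows; skip it elsewhere.
if ([Environment]::Is64BitOperatingSystem) {
    $KillBitKeys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid"
}

function Get-CompatibilityFlags {
    # Returns the DWORD as an int, or $null when the key or value is absent.
    param([string]$Key)
    $item = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.'Compatibility Flags'
}

function Test-KillBit {
    # True when the 0x400 bit is present, whatever other flag bits are set.
    param([string]$Key)
    $flags = Get-CompatibilityFlags -Key $Key
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    # OR the kill bit into any existing flags instead of overwriting them.
    param([string]$Key)
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    $flags = Get-CompatibilityFlags -Key $Key
    $new = if ($null -eq $flags) { $KillBit } else { $flags -bor $KillBit }
    New-ItemProperty -Path $Key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
}

function Remove-KillBit {
    # Mirrors the advisory's "How to undo": delete the keys the workaround added.
    param([string]$Key)
    if (Test-Path -Path $Key) { Remove-Item -Path $Key -Recurse -Force }
}

foreach ($key in $KillBitKeys) {
    if ($Apply)    { Set-KillBit -Key $key }
    elseif ($Undo) { Remove-KillBit -Key $key }
    $state = if (Test-KillBit -Key $key) { 'kill bit SET' } else { 'kill bit NOT set' }
    Write-Output ("{0,-16} {1}" -f $state, $key)
}
```

    `Set-KillBit` ORs 0x400 into whatever flags already exist rather than replacing the value, so any other compatibility bits Microsoft or a vendor set for the control survive; `Remove-KillBit` follows the advisory's undo instruction and deletes the whole key, which is only appropriate if the key did not exist before the workaround was applied. As the advisory notes, Internet Explorer must be restarted before the change takes effect.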
  • Prevent ActiveX controls from running in Office 2007 and Office 2010
    To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer 10, perform the following steps:
    1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
    2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.
    3. Click OK to save your settings.
    Impact of workaround. Office documents that use embedded ActiveX controls may not display as intended.
    How to undo the workaround.
    To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:
    1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
    2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.
    3. Click OK to save your settings.
  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.
    To raise the browsing security level in Internet Explorer, perform the following steps:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Security tab, and then click Internet.
    3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    4. Click Local intranet.
    5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    6. Click OK to accept the changes and return to Internet Explorer.
    Note If no slider is visible, click Default Level, and then move the slider to High.
    Note Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.
    Impact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
    Add sites that you trust to the Internet Explorer Trusted sites zone
    After you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.
    To do this, perform the following steps:
    1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
    2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
    3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
    4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
    5. Repeat these steps for each site that you want to add to the zone.
    6. Click OK two times to accept the changes and return to Internet Explorer.
    Note Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
    You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:
    1. In Internet Explorer, click Internet Options on the Tools menu.
    2. Click the Security tab.
    3. Click Internet, and then click Custom Level.
    4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    5. Click Local intranet, and then click Custom Level.
    6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    7. Click OK two times to return to Internet Explorer.
    Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.
    Impact of workaround. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
    Add sites that you trust to the Internet Explorer Trusted sites zone
    After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.
    To do this, perform the following steps:
    1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
    2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
    3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
    4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
    5. Repeat these steps for each site that you want to add to the zone.
    6. Click OK two times to accept the changes and return to Internet Explorer.
    Note Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.
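    Both zone workarounds above (setting the zones to High, and prompting for or disabling Active Scripting) are described as Internet Options dialog steps, which leaves no easy way to confirm that a user's profile actually ended up in the intended state. The script below is an added example, not part of the Microsoft advisory: it reads the per-zone registry settings that the dialog writes for the Local intranet zone (zone 1) and the Internet zone (zone 3) and reports how each currently treats ActiveX controls and Active Scripting. The value names "1200" (Run ActiveX controls and plug-ins) and "1400" (Active scripting), and their data meaning 0 = Enable, 1 = Prompt, 3 = Disable, are Internet Explorer's documented zone settings rather than something the advisory states; the function names `Get-ZoneActionState` and `Test-ZoneHardened` are this example's own.

```powershell
<#
  Added example, not from the Microsoft advisory: audit how the Internet and
  Local intranet zones treat ActiveX controls and Active Scripting for the
  current user, i.e. whether the two zone workarounds are in effect.
  The zone numbers, value names and data meanings are Internet Explorer's
  documented zone settings; the function names are assumed for this example.
#>
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions  = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActionState {
    # Returns Enable / Prompt / Disable for one action in one zone, or a note
    # when the value is absent (IE then falls back to the zone template).
    param([int]$Zone, [string]$Action)
    $key  = Join-Path -Path $ZoneRoot -ChildPath $Zone
    $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (zone default applies)' }
    $data = [int]$item.$Action
    if ($Meaning.ContainsKey($data)) { return $Meaning[$data] }
    return "unknown ($data)"
}

function Test-ZoneHardened {
    # True only when both ActiveX and Active Scripting are Prompt or Disable,
    # which is the state either zone workaround leaves behind.
    param([int]$Zone)
    foreach ($action in $Actions.Keys) {
        $state = Get-ZoneActionState -Zone $Zone -Action $action
        if ($state -notin @('Prompt', 'Disable')) { return $false }
    }
    return $true
}

foreach ($zone in ($Zones.Keys | Sort-Object)) {
    foreach ($action in ($Actions.Keys | Sort-Object)) {
        $state = Get-ZoneActionState -Zone $zone -Action $action
        Write-Output ("{0,-15} {1,-35} {2}" -f $Zones[$zone], $Actions[$action], $state)
    }
    $verdict = if (Test-ZoneHardened -Zone $zone) { 'hardened' } else { 'NOT hardened' }
    Write-Output ("{0,-15} {1}" -f $Zones[$zone], $verdict)
}
```

    The script reads the current user's hive because that is where the Internet Options dialog writes; when zone settings are instead enforced for the whole machine through policy, the authoritative values live under the corresponding HKLM Policies key and the same two value names should be read there. A zone set to High by the slider shows both actions as Disable, while the second workaround shows Active Scripting as Prompt or Disable with ActiveX unchanged, so the verdict line distinguishes a fully applied workaround from a partially applied one.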