tailieunhanh - CVE 2012-1889 Security Update Analysis

The 12th of June 2012 Microsoft published a security advisory with a temporary fix related to the msxml core services vulnerability which is heavily exploited in the wild. On June 18th 2012 Metasploit released a working exploit. On June 19th 2012 a 100% reliable exploit for Internet Explorer 6/7/8/9 on Windows XP/Vista, and Windows 7 SP1 was published by metasploit. On July 9th 2012 Microsoft finally released a security update in order to patch this vulnerability. | RIDGE CVE 2012-1889 Security Update Analysis I N FORMAT I N s E c u Rl TY SOLUTIONS 19Th July 20 12 Brian Mariani FRéDéRic bourla 20 1 2 High-Tech Bridge sa Illi Timeline high-tech bridge INFORMATION SECURITY SOLUTIONS The 12th of June 20 12 Microsoft published a security advisory with a temporary fix related to the msxml core services vulnerability which is heavily exploited in the wild. On June 18th 20 12 Metasploit released a wORkING exploit. On June 19th 20 12 a 100 reliable exploit for Internet Explorer 6 7 S 9 ON Windows XP Vista and Windows 7 SP1 was published by metasploit. On July 9th 20 12 Microsoft finally released a security update in order to patch this vulnerability. 20 1 2 High-Tech Bridge SA Illi R INFORMATION SECURITY SOLUTIONS This DOCUMENT is THE CONTINUATION OF THE PREVIOUS publication Microsoft xml core services uninitialized MEMORy VULNERABILITy . In this new presentation WE WILL analyze THE security UPDATE RELEASED ON July 9th 20 12 WHICH FIXES SEVERAL DLL LIBRARIES specially the one. The lab environment is an English Windows XP SP3 WORkSTATION. For simplicity ASLR and dep security options ARE DEACTIVATED. 20 1 2 High-Tech Bridge SA .