Office & productivity software forum: Critical Microsoft Update (MS12-027) for Microsoft Office

by: Carol~ April 11, 2012 11:28 AM PDT

Like this

0 people like this thread

Staff pick

Critical Microsoft Update (MS12-027) for Microsoft Office

by Carol~ Moderator - 4/11/12 11:28 AM

"MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents"

From the Security Research & Defense Blog:

Security Update MS12-027 addresses a code execution vulnerability in MSCOMCTL.OCX, the Windows Common Controls ActiveX control. By default, this component is included with all 32-bit versions of Microsoft Office. We'd like to cover the following topics in this blog post:

• Limited, targeted attacks leveraging this vulnerability
• Mitigations in recent versions of Office to reduce the risk
• Extra protections to block all or specific ActiveX controls in Office documents
• The new Office 2010 kill bit feature

Limited, targeted attacks leveraging this vulnerability

We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of CVE-2012-0158 vulnerability using specially crafted Office documents as exploit vector. The specific samples that we have seen have been RTF files attempting to exploit the vulnerability when opened in either WordPad or Microsoft Word. People who install the MS012-027 patch are protected against CVE-2012-0158 so we recommend applying the update right away. Microsoft Word includes various on-by-default mitigations and optional security hardening features that you might consider enabling. Read on to find out more.

Microsoft Word 2010 Protected View as a mitigation

By default, Microsoft Office 2010 opens documents originating from the Internet and from other potentially unsafe locations in a mode called Protected View. This mode does not allow ActiveX controls to load. If a victim running Office 2010 were to receive an exploit for CVE-2012-0158 over the internet or via email, the victim would need to click the Protected View's "Enable Editing" button before the malicious code would be allowed to run. The screenshots below show two examples of Protected View. [Screenshot]

Disabling ActiveX controls in Microsoft Office

ActiveX-based attacks with documents are not new. In this blog we have covered the Behavior of embedded ActiveX controls in Microsoft Office documents (http://blogs.technet.com/b/srd/archive/2009/03/03/behavior-of-activex-controls-embedded-in-office-documents.aspx) three years ago, giving good advice and best practices on how to restrict (or disable) the initialization of embedded controls.

Without going into the details of the previous blog, we'll just mention once more that Office 2007 and 2010 editions have a dedicated panel for ActiveX controls in Trust Center Settings which allows, in its safest configuration, to completely disable all controls embedded in documents or to prompt a warning dialog when a document tries to use certain type of controls as showed by the following picture. [Screenshot]

Continued : http://blogs.technet.com/b/srd/archive/2012/04/10/ms12-027-enhanced-protections-regarding-activex-controls-in-microsoft-office-documents.aspx

See "Affected Software" in Microsoft Security Bulletin MS12-027: http://technet.microsoft.com/en-us/security/bulletin/ms12-027

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted and will appear on our site shortly.

Close