Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Network Performance Monitor (NPM) > Microsoft Security Bulletin: Remote code execution vulnerability in Windows Common Controls

Microsoft Security Bulletin: Remote code execution vulnerability in Windows Common Controls

UPDATED April 20, 2017

Overview

Microsoft has released a critical security bulletin. Microsoft Security Bulletin MS12-027 addresses a vulnerability in Windows Common Controls that could permit remotely executed code. Specifically, the vulnerable file is mscomctl.OCX, located by default in C:\Windows\SysWOW64\.

From the Executive Summary:

This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

This security update is rated Critical for all supported Microsoft software that included the Windows common controls in their default installations. This includes all supported editions of Microsoft Office 2003, Microsoft Office 2007; Microsoft Office 2010 (except x64-based editions); Microsoft SQL Server 2000 Analysis Services, Microsoft SQL Server 2000 (except Itanium-based editions), Microsoft SQL Server 2005 (except Microsoft SQL Server 2005 Express Edition, but including Microsoft SQL Server 2005 Express Edition with Advanced Services), Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2, Microsoft BizTalk Server 2002, Microsoft Commerce Server 2002, Microsoft Commerce Server 2007, Microsoft Commerce Server 2009, Microsoft Commerce Server 2009 R2, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, and Visual Basic 6.0 Runtime. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by disabling the vulnerable version of the Windows common controls and replacing it with a new version that does not contain the vulnerability...

Environment

All SolarWinds products installed on Microsoft operating systems

Resolution

The easiest way to resolve this issue is to apply the Microsoft Update, as suggested in Microsoft Security Bulletin MS12-027. As SolarWinds products are updated, the version of this file that SolarWinds products use will also be updated.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

Last modified
01:17, 20 Apr 2017

Tags

Classifications

Public