Microsoft Protections at Juniper Networks

Microsoft Protections

Need Help?

As a member of the Microsoft Active Protection Program (MAPP) New Window , Juniper Networks provides its customers with updated software protection information to address vulnerability exposures issued by Microsoft Security Advisory.

Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.

Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.

This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Juniper Networks protects against this vulnerability with the following signature:

HTTP: Microsoft Internet Explorer Object Memory Use After Free

Released May 7, 2013
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

References:

MICROSOFT SECURITY ADVISORY (2794220): Vulnerability IN INTERNET EXPLORER COULD ALLOW REMOTE CODE EXECUTION

Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8.

The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Juniper Networks protects against this vulnerability with the following signature:

HTTP: Microsoft Internet Explorer Use-After-Free Code Execution
Released December 31, 2012
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

References:

MICROSOFT SECURITY ADVISORY (2719615): VULNERABILITY IN MICROSOFT XML CORE SERVICES COULD ALLOW REMOTE CODE EXECUTION

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

Juniper Networks protects against this vulnerability with the following signature:

HTTP: Microsoft Internet Explorer XML Remote Command Execution
Released June 12, 2012
This signature detects attempts to use unsafe ActiveX controls in XML Core Services. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Product versions that are covered:

Windows XP Service Pack 3Microsoft XML Core Services 3.0
Windows XP Professional x64 Edition Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2003 Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2003 x64 Edition Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2003 with SP2 for Itanium-based SystemsMicrosoft XML Core Services 3.0
Windows Vista Service Pack 2Microsoft XML Core Services 3.0
Windows Vista x64 Edition Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2008 for x64-based Systems Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2008 for Itanium-based Systems Service Pack 2Microsoft XML Core Services 3.0
Windows 7 for 32-bit SystemsMicrosoft XML Core Services 3.0
Windows 7 for 32-bit Systems Service Pack 1Microsoft XML Core Services 3.0
Windows 7 for x64-based SystemsMicrosoft XML Core Services 3.0
Windows 7 for x64-based Systems Service Pack 1Microsoft XML Core Services 3.0
Windows Server 2008 R2 for x64-based SystemsMicrosoft XML Core Services 3.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft XML Core Services 3.0
Windows Server 2008 R2 for Itanium-based SystemsMicrosoft XML Core Services 3.0
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Microsoft XML Core Services 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2008 for x64-based Systems Service Pack 2Microsoft XML Core Services 3.0
Windows Server 2008 R2 for x64-based SystemsMicrosoft XML Core Services 3.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft XML Core Services 3.0
Microsoft Office 2003 Service Pack 3Microsoft XML Core Services 5.0
Microsoft Office 2007 Service Pack 2Microsoft XML Core Services 5.0
Microsoft Office 2007 Service Pack 3

References:

MICROSOFT SECURITY ADVISORY (26396580): VULNERABILITY IN TRUETYPE FONT PARSING COULD ALLOW ELEVATION OF PRIVILEGE

Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

Juniper Networks protects against this vulnerability with the following signature:

HTTP: Microsoft Windows TrueType Font Parsing Remote Code Execution
Released Nov. 4, 2011
This signature detects attempts to exploit a known vulnerability against Microsoft Windows TrueType Font. A successful attack can lead to arbitrary code execution.

Product versions that are covered:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems Service Pack 2**
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1**
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1