KLA10544 Code execution vulnerabilities in Microsoft Silverlight

2012-05-08T00:00:00

Description

### *Detect date*: 05/08/2012 ### *Severity*: Critical ### *Description*: An unspecified vulnerabilities were found in Microsoft Silverlight. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed font data. ### *Affected products*: Microsoft Silverlight 4 earlier than 4.1.10329 Microsoft Silverlight 5 earlier than 5.1.10411 ### *Solution*: Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) ### *Original advisories*: [MS12-034](<https://technet.microsoft.com/library/security/ms12-034>) [CVE-2011-3402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2011-3402>) [CVE-2012-0159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2012-0159>) ### *Impacts*: ACE ### *Related products*: [Microsoft Silverlight](<https://threats.kaspersky.com/en/product/Microsoft-Silverlight/>) ### *CVE-IDS*: [CVE-2011-3402](<https://vulners.com/cve/CVE-2011-3402>)9.3Critical [CVE-2012-0159](<https://vulners.com/cve/CVE-2012-0159>)9.3Critical ### *Microsoft official advisories*: ### *KB list*: [2690729](<http://support.microsoft.com/kb/2690729>) [2636927](<http://support.microsoft.com/kb/2636927>) ### *Exploitation*: This vulnerability can be exploited by the following malware:

{"id": "KLA10544", "vendorId": null, "type": "kaspersky", "bulletinFamily": "info", "title": "KLA10544 Code execution vulnerabilities in Microsoft Silverlight", "description": "### *Detect date*:\n05/08/2012\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerabilities were found in Microsoft Silverlight. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed font data.\n\n### *Affected products*:\nMicrosoft Silverlight 4 earlier than 4.1.10329 \nMicrosoft Silverlight 5 earlier than 5.1.10411\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS12-034](<https://technet.microsoft.com/library/security/ms12-034>) \n[CVE-2011-3402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2011-3402>) \n[CVE-2012-0159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2012-0159>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Silverlight](<https://threats.kaspersky.com/en/product/Microsoft-Silverlight/>)\n\n### *CVE-IDS*:\n[CVE-2011-3402](<https://vulners.com/cve/CVE-2011-3402>)9.3Critical \n[CVE-2012-0159](<https://vulners.com/cve/CVE-2012-0159>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2690729](<http://support.microsoft.com/kb/2690729>) \n[2636927](<http://support.microsoft.com/kb/2636927>)\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:", "published": "2012-05-08T00:00:00", "modified": "2021-04-22T00:00:00", "epss": [{"cve": "CVE-2011-3402", "epss": 0.96909, "percentile": 0.99545, "modified": "2023-06-05"}, {"cve": "CVE-2012-0159", "epss": 0.64129, "percentile": 0.9734, "modified": "2023-06-04"}], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10544/", "reporter": "Kaspersky Lab", "references": ["https://technet.microsoft.com/library/security/ms12-034", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2011-3402", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2012-0159", "https://threats.kaspersky.com/en/product/Microsoft-Silverlight/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0159", "https://portal.msrc.microsoft.com/en-us/security-guidance", "http://support.microsoft.com/kb/2690729", "http://support.microsoft.com/kb/2636927", "https://threats.kaspersky.com/en/threat/Exploit.Win32.CVE-2011-3402/", "https://threats.kaspersky.com/en/threat/Exploit.Win32.CVE-2011-3402/", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2011-3402", "CVE-2012-0159"], "immutableFields": [], "lastseen": "2023-06-05T15:45:40", "viewCount": 365, "enchantments": {"dependencies": {"references": [{"type": "cert", "idList": ["VU:316553"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2011-512", "CPAI-2012-198", "CPAI-2015-0735"]}, {"type": "cve", "idList": ["CVE-2011-2004", "CVE-2011-3402", "CVE-2012-0159"]}, {"type": "metasploit", "idList": ["MSF:POST-WINDOWS-GATHER-FORENSICS-DUQU_CHECK-"]}, {"type": "mskb", "idList": ["KB2639417", "KB2681578"]}, {"type": "nessus", "idList": ["MACOSX_MS12-034.NASL", "SMB_KB2639658.NASL", "SMB_NT_MS11-087.NASL", "SMB_NT_MS12-034.NASL", "SMB_NT_MS12-039.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802500", "OPENVAS:1361412562310902678", "OPENVAS:1361412562310902767", "OPENVAS:1361412562310902832", "OPENVAS:1361412562310902842", "OPENVAS:802500", "OPENVAS:902678", "OPENVAS:902767", "OPENVAS:902832", "OPENVAS:902842"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28350", "SECURITYVULNS:VULN:12090", "SECURITYVULNS:VULN:12357", "SECURITYVULNS:VULN:12406"]}, {"type": "seebug", "idList": ["SSV:60104"]}, {"type": "symantec", "idList": ["SMNTC-53335"]}, {"type": "thn", "idList": ["THN:3E923BF60240465681EDB5EF458156F0"]}, {"type": "threatpost", "idList": ["THREATPOST:10E07EA1EC79D258B439B4CA2F562B51", "THREATPOST:770B6E17E4B8181D31E215933E54652B", "THREATPOST:7A66D3AC7210BC6168B3777DC0419A88", "THREATPOST:A16EDEF0DAAD6325A7D930BE82C2B01C", "THREATPOST:EE3F3A8389237EB34791DBD9A0F1066E"]}, {"type": "zdi", "idList": ["ZDI-12-129"]}]}, "score": {"value": 1.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2012-198", "CPAI-2015-0735"]}, {"type": "cve", "idList": ["CVE-2011-3402", "CVE-2012-0159"]}, {"type": "metasploit", "idList": ["MSF:POST/WINDOWS/GATHER/FORENSICS/DUQU_CHECK"]}, {"type": "mskb", "idList": ["KB2639417"]}, {"type": "nessus", "idList": ["SMB_KB2639658.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802500", "OPENVAS:902678"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28350"]}, {"type": "seebug", "idList": ["SSV:60104"]}, {"type": "threatpost", "idList": ["THREATPOST:770B6E17E4B8181D31E215933E54652B"]}, {"type": "zdi", "idList": ["ZDI-12-129"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-3402", "epss": 0.96909, "percentile": 0.99522, "modified": "2023-05-06"}, {"cve": "CVE-2012-0159", "epss": 0.64129, "percentile": 0.97307, "modified": "2023-05-06"}], "vulnersScore": 1.9}, "_state": {"dependencies": 1685981229, "score": 1685979995, "epss": 0}, "_internal": {"score_hash": "dadf1c1319ae2a758469fc5bea637c14"}}

{"openvas": [{"lastseen": "2017-07-02T21:10:35", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "openvas", "title": "Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:902678", "href": "http://plugins.openvas.org/nasl.php?oid=902678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-034_macosx.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted file.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Silverlight versions 4 and 5\";\ntag_insight = \"The flaws are due to an error exists when parsing TrueType fonts.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/MS12-034\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\";\n\nif(description)\n{\n script_id(902678);\n script_version(\"$Revision: 5940 $\");\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\");\n script_bugtraq_id(50462, 53335);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-14 13:06:50 +0530 (Mon, 14 May 2012)\");\n script_name(\"Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49121\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2681578\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2690729\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1027048\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-034\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_ms_silverlight_detect_macosx.nasl\");\n script_require_keys(\"MS/Silverlight/MacOSX/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nslightVer = \"\";\n\n## Get the version from KB\nslightVer = get_kb_item(\"MS/Silverlight/MacOSX/Ver\");\nif(!slightVer){\n exit(0);\n}\n\n## Check for Silverlight 4 and 5\nif(version_in_range(version: slightVer, test_version:\"4.0\", test_version2:\"4.1.10328\")||\n version_in_range(version: slightVer, test_version:\"5.0\", test_version2:\"5.1.10410\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-10T19:58:22", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "openvas", "title": "Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902678\");\n script_version(\"2020-06-09T10:15:40+0000\");\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\");\n script_bugtraq_id(50462, 53335);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 10:15:40 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-05-14 13:06:50 +0530 (Mon, 14 May 2012)\");\n script_name(\"Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2681578\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2690729\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027048\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_ms_silverlight_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Silverlight/MacOSX/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted file.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Silverlight versions 4 and 5.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to an error exists when parsing TrueType fonts.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nslightVer = get_kb_item(\"MS/Silverlight/MacOSX/Ver\");\nif(!slightVer){\n exit(0);\n}\n\nif(version_in_range(version: slightVer, test_version:\"4.0\", test_version2:\"4.1.10328\")||\n version_in_range(version: slightVer, test_version:\"5.0\", test_version2:\"5.1.10410\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-14T10:50:56", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "openvas", "title": "Microsoft Lync Remote Code Execution Vulnerabilities (2707956)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1858", "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849"], "modified": "2017-06-29T00:00:00", "id": "OPENVAS:902842", "href": "http://plugins.openvas.org/nasl.php?oid=902842", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-039.nasl 6473 2017-06-29 06:07:30Z cfischer $\n#\n# Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow an attacker to execute arbitrary code\n with kernel-level privileges. Failed exploit attempts may result in a\n denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Lync 2010\n Microsoft Lync 2010 Attendee\n Microsoft Lync 2010 Attendant\n Microsoft Communicator 2007 R2\";\ntag_insight = \"- An error within the Win32k kernel-mode driver (win32k.sys) when parsing\n TrueType fonts.\n - An error in the t2embed.dll module when parsing TrueType fonts.\n - The client loads libraries in an insecure manner, which can be exploited\n to load arbitrary libraries by tricking a user into opening a '.ocsmeet'\n file located on a remote WebDAV or SMB share.\n - An unspecified error in the 'SafeHTML' API when sanitising HTML code can\n be exploited to execute arbitrary HTML and script code in the user's chat\n session.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms12-039\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.\";\n\nif(description)\n{\n script_id(902842);\n script_version(\"$Revision: 6473 $\");\n script_bugtraq_id(50462, 53335, 53831, 53833);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-1849\", \"CVE-2012-1858\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 08:07:30 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-13 11:11:11 +0530 (Wed, 13 Jun 2012)\");\n script_name(\"Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48429\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1027150\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-039\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_lync_detect_win.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Lync/Installed\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\npath = \"\";\noglVer = \"\";\nattVer = \"\";\ncommVer = \"\";\n\n## Check for Microsoft Lync 2010/Communicator 2007 R2\nif(get_kb_item(\"MS/Lync/Ver\"))\n{\n ## Get Installed Path\n path = get_kb_item(\"MS/Lync/path\");\n if(path)\n {\n ## Get Version from communicator.exe\n commVer = fetch_file_version(sysPath:path, file_name:\"communicator.exe\");\n if(commVer)\n {\n if(version_in_range(version:commVer, test_version:\"3.5\", test_version2:\"3.5.6907.252\")||\n version_in_range(version:commVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## For Microsoft Lync 2010 Attendee (admin level install) \n## For Microsoft Lync 2010 Attendee (user level install) \nif(get_kb_item(\"MS/Lync/Attendee/Ver\"))\n{\n ## Get Installed Path\n path = get_kb_item(\"MS/Lync/Attendee/path\");\n if(path)\n {\n ## Get Version from Ogl.dll\n oglVer = fetch_file_version(sysPath:path, file_name:\"Ogl.dll\");\n if(oglVer)\n {\n if(version_in_range(version:oglVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Check for Microsoft Lync 2010 Attendant\nif(get_kb_item(\"MS/Lync/Attendant/Ver\"))\n{\n ## Get Installed Path\n path = get_kb_item(\"MS/Lync/Attendant/path\");\n if(path)\n {\n ## Get Version from AttendantConsole.exe\n attVer = fetch_file_version(sysPath:path, file_name:\"AttendantConsole.exe\");\n if(attVer)\n {\n if(version_in_range(version:attVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-10T19:55:18", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "openvas", "title": "Microsoft Lync Remote Code Execution Vulnerabilities (2707956)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1858", "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902842", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902842\");\n script_version(\"2020-06-09T10:15:40+0000\");\n script_bugtraq_id(50462, 53335, 53831, 53833);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-1849\", \"CVE-2012-1858\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 10:15:40 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-06-13 11:11:11 +0530 (Wed, 13 Jun 2012)\");\n script_name(\"Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027150\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_lync_detect_win.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Lync/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to execute arbitrary code\n with kernel-level privileges. Failed exploit attempts may result in a\n denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Lync 2010\n\n - Microsoft Lync 2010 Attendee\n\n - Microsoft Lync 2010 Attendant\n\n - Microsoft Communicator 2007 R2\");\n\n script_tag(name:\"insight\", value:\"- An error within the Win32k kernel-mode driver (win32k.sys) when parsing\n TrueType fonts.\n\n - An error in the t2embed.dll module when parsing TrueType fonts.\n\n - The client loads libraries in an insecure manner, which can be exploited\n to load arbitrary libraries by tricking a user into opening a '.ocsmeet'\n file located on a remote WebDAV or SMB share.\n\n - An unspecified error in the 'SafeHTML' API when sanitising HTML code can\n be exploited to execute arbitrary HTML and script code in the user's chat\n session.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(get_kb_item(\"MS/Lync/Ver\"))\n{\n path = get_kb_item(\"MS/Lync/path\");\n if(path)\n {\n commVer = fetch_file_version(sysPath:path, file_name:\"communicator.exe\");\n if(commVer)\n {\n if(version_in_range(version:commVer, test_version:\"3.5\", test_version2:\"3.5.6907.252\")||\n version_in_range(version:commVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## For Microsoft Lync 2010 Attendee (admin level install)\n## For Microsoft Lync 2010 Attendee (user level install)\nif(get_kb_item(\"MS/Lync/Attendee/Ver\"))\n{\n path = get_kb_item(\"MS/Lync/Attendee/path\");\n if(path)\n {\n oglVer = fetch_file_version(sysPath:path, file_name:\"Ogl.dll\");\n if(oglVer)\n {\n if(version_in_range(version:oglVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\nif(get_kb_item(\"MS/Lync/Attendant/Ver\"))\n{\n path = get_kb_item(\"MS/Lync/Attendant/path\");\n if(path)\n {\n attVer = fetch_file_version(sysPath:path, file_name:\"AttendantConsole.exe\");\n if(attVer)\n {\n if(version_in_range(version:attVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T16:39:04", "description": "The host is installed with Microsoft Windows operating system and is prone to\n pivilege escalation vulnerability.\n\n This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902767.", "cvss3": {}, "published": "2011-11-07T00:00:00", "type": "openvas", "title": "Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310802500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802500\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-11-07 16:44:35 +0530 (Mon, 07 Nov 2011)\");\n script_name(\"Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2639658\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2639658\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code with\n kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows Vista Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 2 and prior\n\n - Microsoft Windows server 2003 Service Pack 2 and prior\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to due to an error within the Win32k kernel-mode\n driver when parsing TrueType fonts.\");\n\n script_tag(name:\"solution\", value:\"Apply the workaround.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Microsoft Windows operating system and is prone to\n pivilege escalation vulnerability.\n\n This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902767.\");\n\n script_tag(name:\"solution_type\", value:\"Workaround\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as addressed in secpod_ms11-087.nasl\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-09T11:14:13", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS11-087.", "cvss3": {}, "published": "2011-12-14T00:00:00", "type": "openvas", "title": "Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2018-02-08T00:00:00", "id": "OPENVAS:902767", "href": "http://plugins.openvas.org/nasl.php?oid=902767", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms11-087.nasl 8724 2018-02-08 15:02:56Z cfischer $\n#\n# Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2639417)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow local attackers to run arbitrary code in\n kernel mode and take complete control of an affected system. An attacker\n could then install programs view, change, or delete data or create new\n accounts with full administrative rights.\n\n Impact Level: System\";\ntag_affected = \"Microsoft Windows 7 Service Pack 1 and prior\n\n Microsoft Windows XP Service Pack 3 and prior\n\n Microsoft Windows 2003 Service Pack 2 and prior\n\n Microsoft Windows Vista Service Pack 2 and prior\n\n Microsoft Windows Server 2008 Service Pack 2 and prior\";\ntag_insight = \"The flaw is due to to an error within the Win32k kernel-mode driver\n (win32k.sys) when parsing TrueType fonts.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n\n http://technet.microsoft.com/en-us/security/bulletin/ms11-087\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS11-087.\";\n\nif(description)\n{\n script_id(902767);\n script_version(\"$Revision: 8724 $\");\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-08 16:02:56 +0100 (Thu, 08 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-14 09:28:44 +0530 (Wed, 14 Dec 2011)\");\n script_name(\"Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)\");\n script_xref(name : \"URL\" , value : \"https://secunia.com/advisories/46724/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2639417\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms11-087\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){\n exit(0);\n}\n\n## MS11-087 Hotfix (2639417)\nif(hotfix_missing(name:\"2639417\") == 0){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\n## Get Version from Win32k.sys file\nsysVer = fetch_file_version(sysPath, file_name:\"system32\\Win32k.sys\");\nif(!sysVer){\n exit(0);\n}\n\n## Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n ## Check for Win32k.sys version before 5.1.2600.6178\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6178\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows 2003\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Win32k.sys version before 5.2.3790.4938\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4938\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## File Information is not available for Windows Vista and Server 2008\n## Applied the patch and taking upgraded version as non vuln\n## Checking for only GDR\n\n## Windows Vista and Windows Server 2008\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n\n if(!SP) {\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Win32k.sys version\n if(version_in_range(version:sysVer, test_version:\"6.0.6002.18000\", test_version2:\"6.0.6002.18543\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows 7\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n ## Check for Win32k.sys version\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16920\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21096\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17729\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21865\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-08T14:04:57", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS11-087.", "cvss3": {}, "published": "2011-12-14T00:00:00", "type": "openvas", "title": "Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310902767", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902767", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2639417)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902767\");\n script_version(\"2020-01-07T09:06:32+0000\");\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 09:06:32 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-12-14 09:28:44 +0530 (Wed, 14 Dec 2011)\");\n script_name(\"Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2639417\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow local attackers to run arbitrary code in\n kernel mode and take complete control of an affected system. An attacker\n could then install programs view, change, or delete data or create new\n accounts with full administrative rights.\");\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows 2003 Service Pack 2 and prior\n\n - Microsoft Windows Vista Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 2 and prior\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error within the Win32k kernel-mode driver\n (win32k.sys) when parsing TrueType fonts.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS11-087.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){\n exit(0);\n}\n\n## MS11-087 Hotfix (2639417)\nif(hotfix_missing(name:\"2639417\") == 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Win32k.sys\");\nif(!sysVer){\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6178\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4938\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\n## File Information is not available for Windows Vista and Server 2008\n## Applied the patch and taking upgraded version as non vuln\n\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n\n if(!SP) {\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n if(version_in_range(version:sysVer, test_version:\"6.0.6002.18000\", test_version2:\"6.0.6002.18543\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16920\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21096\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17729\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21865\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:41", "description": "The host is installed with Microsoft Windows operating system and is prone to\n pivilege escalation vulnerability.\n\n This NVT has been replaced by NVT secpod_ms11-087.nasl\n (OID:1.3.6.1.4.1.25623.1.0.902767).", "cvss3": {}, "published": "2011-11-07T00:00:00", "type": "openvas", "title": "Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:802500", "href": "http://plugins.openvas.org/nasl.php?oid=802500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_truetype_font_privilege_elevation_vuln.nasl 5362 2017-02-20 12:46:39Z cfi $\n#\n# Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code with\n kernel-level privileges. Failed exploit attempts may result in a\n denial-of-service condition.\n Impact Level: System\";\ntag_affected = \"Microsoft Windows 7 Service Pack 1 and prior\n Microsoft Windows XP Service Pack 3 and prior\n Microsoft Windows Vista Service Pack 2 and prior\n Microsoft Windows Server 2008 Service Pack 2 and prior\n Microsoft Windows server 2003 Service Pack 2 and prior\";\ntag_insight = \"The flaw is due to due to an error within the Win32k kernel-mode\n driver when parsing TrueType fonts.\";\ntag_solution = \"Apply the workaround from below link,\n http://support.microsoft.com/kb/2639658\";\ntag_summary = \"The host is installed with Microsoft Windows operating system and is prone to\n pivilege escalation vulnerability.\n\n This NVT has been replaced by NVT secpod_ms11-087.nasl\n (OID:1.3.6.1.4.1.25623.1.0.902767).\";\n\nif(description)\n{\n script_id(802500);\n script_version(\"$Revision: 5362 $\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 13:46:39 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-07 16:44:35 +0530 (Mon, 07 Nov 2011)\");\n script_name(\"Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46724/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2639658\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/advisory/2639658\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as addressed in secpod_ms11-087.nasl\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n exit(0); ## plugin may results to FP\n\n## Check for OS\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllPath = sysPath + \"\\system32\\t2embed.dll\";\n\n## Exit if file does not exist\nif(!dllPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath);\n\n## Check if file is accessible by checking its size\ndllSize = get_file_size(file:file, share:share);\nif(dllSize != NULL){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:35:03", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "openvas", "title": "MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0165", "CVE-2012-0181"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:902832", "href": "http://plugins.openvas.org/nasl.php?oid=902832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-034.nasl 8190 2017-12-20 09:44:30Z cfischer $\n#\n# MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow an attacker to gain escalated privileges\n and execute arbitrary code.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft .NET Framework 4\n Microsoft Silverlight 4 and 5\n Microsoft .NET Framework 3.5.1\n Microsoft Office 2003 Service Pack 3\n Microsoft Office 2007 Service Pack 2\n Microsoft Office 2010 Service Pack 1\n Microsoft .NET Framework 3.0 Service Pack 2\n Microsoft Windows 7 Service Pack 1 and prior\n Microsoft Windows XP Service Pack 3 and prior\n Microsoft Windows 2003 Service Pack 2 and prior\n Microsoft Windows Vista Service Pack 2 and prior\n Microsoft Windows Server 2008 Service Pack 2 and prior\";\ntag_insight = \"Multiple flaws are due to\n - An error exists when parsing TrueType fonts.\n - An error in the t2embed.dll module when parsing TrueType fonts can be\n exploited via a specially crafted TTF file.\n - An error in GDI+ when handling certain records can be exploited via a\n specially crafted EMF image file.\n - An error in win32k.sys related to certain Windows and Messages handling\n can be exploited to execute arbitrary code in the context of another\n process.\n - An error in win32k.sys when handling keyboard layout files can be exploited\n to execute arbitrary code in the context of another process.\n - An error in win32k.sys related to scrollbar calculations can be exploited\n to execute arbitrary code in the context of another process.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms12-034\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\";\n\nif(description)\n{\n script_id(902832);\n script_version(\"$Revision: 8190 $\");\n script_bugtraq_id(50462, 53324, 53326, 53327, 53335, 53347, 53351, 53358,\n 53360, 53363);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-0162\", \"CVE-2012-0164\",\n \"CVE-2012-0165\", \"CVE-2012-0167\", \"CVE-2012-0176\", \"CVE-2012-0180\",\n \"CVE-2012-0181\", \"CVE-2012-1848\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 10:44:30 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-09 09:09:09 +0530 (Wed, 09 May 2012)\");\n script_name(\"MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49120\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49121\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2681578\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1027048\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-034\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\", \"gb_ms_silverlight_detect.nasl\",\n \"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"host_details.inc\");\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\n## Get Silverlight version from KB\ninfos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:silverlight\" );\nmslVers = infos['version'];\nmslPath = infos['location'];\n\nif( mslVers ) {\n ## Check for Microsoft Silverlight version prior to 4.1.10329\n if( version_is_less( version:mslVers, test_version:\"4.1.10329\" ) ||\n version_in_range( version:mslVers, test_version:\"5.0\", test_version2:\"5.1.10410\" ) ) {\n report = report_fixed_ver( installed_version:mslVers, vulnerable_range:\"< 4.1.10329 and 5.0 - 5.1.10410\", install_path:mslPath );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\n## Get .NET Framework 4.0 Version\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\4.0.30319.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"Path\");\n if(path){\n dllv4 = fetch_file_version(sysPath:path, file_name:\"WPF\\Presentationcore.dll\");\n }\n}\n\n## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7\nif(dllv4 &&\n (version_in_range(version:dllv4, test_version:\"4.0.30319.000\", test_version2:\"4.0.30319.274\") ||\n version_in_range(version:dllv4, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.549\")))\n{\n security_message(0);\n exit(0);\n}\n\n## Get .NET Framework 3.0 Service Pack 2 Version\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Printing.dll\");\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003\nif(dllv3 && (hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4020\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5809\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows Vista and Windows Server 2008\nif(dllv3 && (hotfix_check_sp(winVista:3, win2008:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4212\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5793\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif(dllv3 && (hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.5004\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5800\", test_version2:\"3.0.6920.5808\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5400\", test_version2:\"3.0.6920.5447\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5700\", test_version2:\"3.0.6920.5793\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## MS Office 2007, 2010\nif(get_kb_item(\"MS/Office/Ver\") =~ \"^[12|14].*\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\n if(path)\n {\n foreach ver (make_list(\"OFFICE12\", \"OFFICE14\"))\n {\n ## Get Version from Ogl.dll\n offPath = path + \"\\Microsoft Shared\\\" + ver;\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n\n if(dllVer &&\n (version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6117.5000\") ||\n version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6659.4999\")))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## MS Office 2003\nif(get_kb_item(\"MS/Office/Ver\") =~ \"^11.*\")\n{\n offPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\n if(offPath)\n {\n ## Get Version from GDIPLUS.DLL\n offPath = offPath + \"\\Microsoft Office\\OFFICE11\";\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Gdiplus.dll\");\n\n if(dllVer && version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.8344\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\n## Get Version from Win32k.sys file\nsysVer = fetch_file_version(sysPath, file_name:\"system32\\Win32k.sys\");\nif(sysVer)\n{\n ## Windows XP\n if(hotfix_check_sp(xp:4) > 0)\n {\n ## Check for Win32k.sys version before 5.1.2600.6206\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6206\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows 2003, Windows XP x64 and Windows 2003 x64\n else if(hotfix_check_sp(win2003:3, xpx64:3, win2003x64:3) > 0)\n {\n ## Check for Win32k.sys version before 5.2.3790.4980\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4980\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows Vista and Windows Server 2008\n else if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n ## Check for Win32k.sys version\n if(version_is_less(version:sysVer, test_version:\"6.0.6002.18607\") ||\n version_in_range(version:sysVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.22830\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows 7 and Windows Server 2008 R2\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n ## Check for Win32k.sys version\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16988\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21178\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17802\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21954\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Get Version from Dwrite.dll file\ndllVer = fetch_file_version(sysPath, file_name:\"system32\\Dwrite.dll\");\nif(dllVer)\n{\n ## Windows Vista and Windows Server 2008\n if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n ## Check for Dwrite.dll version\n if(version_is_less(version:dllVer, test_version:\"7.0.6002.18592\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.22806\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows 7 and Windows Server 2008 R2\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n ## Check for Dwrite.dll version\n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16972\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21161\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17788\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21934\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-08T14:04:29", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "openvas", "title": "MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0165", "CVE-2012-0181"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310902832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902832\");\n script_version(\"2020-01-07T09:06:32+0000\");\n script_bugtraq_id(50462, 53324, 53326, 53327, 53335, 53347, 53351, 53358,\n 53360, 53363);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-0162\", \"CVE-2012-0164\",\n \"CVE-2012-0165\", \"CVE-2012-0167\", \"CVE-2012-0176\", \"CVE-2012-0180\",\n \"CVE-2012-0181\", \"CVE-2012-1848\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 09:06:32 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-05-09 09:09:09 +0530 (Wed, 09 May 2012)\");\n script_name(\"MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2681578\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027048\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"gb_ms_silverlight_detect.nasl\",\n \"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to gain escalated privileges\n and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft .NET Framework 4\n\n - Microsoft Silverlight 4 and 5\n\n - Microsoft .NET Framework 3.5.1\n\n - Microsoft Office 2003 Service Pack 3\n\n - Microsoft Office 2007 Service Pack 2\n\n - Microsoft Office 2010 Service Pack 1\n\n - Microsoft .NET Framework 3.0 Service Pack 2\n\n - Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows 2003 Service Pack 2 and prior\n\n - Microsoft Windows Vista Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 2 and prior\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An error exists when parsing TrueType fonts.\n\n - An error in the t2embed.dll module when parsing TrueType fonts can be\n exploited via a specially crafted TTF file.\n\n - An error in GDI+ when handling certain records can be exploited via a\n specially crafted EMF image file.\n\n - An error in win32k.sys related to certain Windows and Messages handling\n can be exploited to execute arbitrary code in the context of another\n process.\n\n - An error in win32k.sys when handling keyboard layout files can be exploited\n to execute arbitrary code in the context of another process.\n\n - An error in win32k.sys related to scrollbar calculations can be exploited\n to execute arbitrary code in the context of another process.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"host_details.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\nif( infos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:silverlight\", exit_no_version:FALSE ) ) {\n mslVers = infos['version'];\n mslPath = infos['location'];\n\n if( mslVers ) {\n if( version_is_less( version:mslVers, test_version:\"4.1.10329\" ) ||\n version_in_range( version:mslVers, test_version:\"5.0\", test_version2:\"5.1.10410\" ) ) {\n report = report_fixed_ver( installed_version:mslVers, vulnerable_range:\"< 4.1.10329 and 5.0 - 5.1.10410\", install_path:mslPath );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\4.0.30319.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"Path\");\n if(path){\n dllv4 = fetch_file_version(sysPath:path, file_name:\"WPF\\Presentationcore.dll\");\n }\n}\n\n## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7\nif(dllv4 &&\n (version_in_range(version:dllv4, test_version:\"4.0.30319.000\", test_version2:\"4.0.30319.274\") ||\n version_in_range(version:dllv4, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.549\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Printing.dll\");\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003\nif(dllv3 && (hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4020\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5809\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows Vista and Windows Server 2008\nif(dllv3 && (hotfix_check_sp(winVista:3, win2008:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4212\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5793\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif(dllv3 && (hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.5004\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5800\", test_version2:\"3.0.6920.5808\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5400\", test_version2:\"3.0.6920.5447\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5700\", test_version2:\"3.0.6920.5793\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nofficeVer = get_kb_item(\"MS/Office/Ver\");\n\n## MS Office 2007, 2010\nif(officeVer && officeVer =~ \"^1[24]\\.\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"CommonFilesDir\");\n if(path)\n {\n foreach ver (make_list(\"OFFICE12\", \"OFFICE14\"))\n {\n offPath = path + \"\\Microsoft Shared\\\" + ver;\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n\n if(dllVer &&\n (version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6117.5000\") ||\n version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6659.4999\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## MS Office 2003\nif(officeVer && officeVer =~ \"^11\\.\")\n{\n offPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"ProgramFilesDir\");\n if(offPath)\n {\n offPath = offPath + \"\\Microsoft Office\\OFFICE11\";\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Gdiplus.dll\");\n\n if(dllVer && version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.8344\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Win32k.sys\");\nif(sysVer)\n{\n if(hotfix_check_sp(xp:4) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6206\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win2003:3, xpx64:3, win2003x64:3) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4980\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"6.0.6002.18607\") ||\n version_in_range(version:sysVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.22830\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16988\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21178\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17802\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21954\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Dwrite.dll\");\nif(dllVer)\n{\n if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n if(version_is_less(version:dllVer, test_version:\"7.0.6002.18592\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.22806\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16972\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21161\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17788\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21934\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:23:24", "description": "The version of Microsoft Silverlight installed on the remote host is reportedly affected by several vulnerabilities :\n\n - Incorrect handling of TrueType font (TTF) files could lead to arbitrary code execution. (CVE-2011-3402 / CVE-2012-0159)\n\n - A double-free condition leading to arbitrary code execution could be triggered when rendering specially crafted XAML glyphs. (CVE-2012-0176)", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "nessus", "title": "MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159", "CVE-2012-0176"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:microsoft:silverlight"], "id": "MACOSX_MS12-034.NASL", "href": "https://www.tenable.com/plugins/nessus/59045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59045);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-0176\");\n script_bugtraq_id(50462, 53335, 53360);\n script_xref(name:\"MSFT\", value:\"MS12-034\");\n script_xref(name:\"MSKB\", value:\"2690729\");\n script_xref(name:\"MSKB\", value:\"2636927\");\n script_xref(name:\"IAVA\", value:\"2012-A-0079\");\n\n script_name(english:\"MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X)\");\n script_summary(english:\"Checks version of Microsoft Silverlight\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A multimedia application framework installed on the remote Mac OS X\nhost is affected by a remote code execution vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Microsoft Silverlight installed on the remote host\nis reportedly affected by several vulnerabilities :\n\n - Incorrect handling of TrueType font (TTF) files could\n lead to arbitrary code execution. (CVE-2011-3402 /\n CVE-2012-0159)\n\n - A double-free condition leading to arbitrary code\n execution could be triggered when rendering specially\n crafted XAML glyphs. (CVE-2012-0176)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms12-034\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released patches for Silverlight 4 and 5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:silverlight\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_silverlight_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Silverlight/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/Silverlight\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\n\n\nbulletin = \"MS12-034\";\nfixed_version = \"\";\n\n# nb: Multiple installs of Silverlight are not possible.\nif (version =~ \"^4\\.\")\n{\n fixed_version = \"4.1.10329.0\";\n kb = \"2690729\";\n}\nelse if (version =~ \"^5\\.\")\n{\n fixed_version = \"5.1.10411.0\";\n kb = \"2636927\";\n}\n\nif (fixed_version && ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n if (defined_func(\"report_xml_tag\")) report_xml_tag(tag:bulletin, value:kb);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : '+fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The Microsoft Silverlight \"+version+\" install is not reported to be affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:53", "description": "The remote Windows host is potentially affected by the following vulnerabilities :\n\n - Multiple code execution vulnerabilities exist in the handling of specially crafted TrueType font files.\n (CVE-2011-3402, CVE-2012-0159)\n\n - An insecure library loading vulnerability exists in the way that Microsoft Lync handles the loading of DLL files. (CVE-2012-1849)\n\n - An HTML sanitization vulnerability exists in the way that HTML is filtered. (CVE-2012-1858)", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "nessus", "title": "MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849", "CVE-2012-1858"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:office_communicator", "cpe:/a:microsoft:lync"], "id": "SMB_NT_MS12-039.NASL", "href": "https://www.tenable.com/plugins/nessus/59457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59457);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-1849\", \"CVE-2012-1858\");\n script_bugtraq_id(50462, 53335, 53831, 53842);\n script_xref(name:\"EDB-ID\", value:\"19777\");\n script_xref(name:\"MSFT\", value:\"MS12-039\");\n script_xref(name:\"MSKB\", value:\"2693282\");\n script_xref(name:\"MSKB\", value:\"2693283\");\n script_xref(name:\"MSKB\", value:\"2696031\");\n script_xref(name:\"MSKB\", value:\"2702444\");\n script_xref(name:\"MSKB\", value:\"2708980\");\n\n script_name(english:\"MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)\");\n script_summary(english:\"Checks version of multiple files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through Microsoft\nLync.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is potentially affected by the following\nvulnerabilities :\n\n - Multiple code execution vulnerabilities exist in the\n handling of specially crafted TrueType font files.\n (CVE-2011-3402, CVE-2012-0159)\n\n - An insecure library loading vulnerability exists in the\n way that Microsoft Lync handles the loading of DLL\n files. (CVE-2012-1849)\n\n - An HTML sanitization vulnerability exists in the way\n that HTML is filtered. (CVE-2012-1858)\");\n # http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7d49512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-129/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Aug/58\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-039\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Lync 2010, Lync 2010\nAttendee, Lync 2010 Attendant, and Communicator 2007 R2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_communicator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin;\n\nfunction get_user_dirs()\n{\n local_var appdir, dirpat, domain, hklm, iter, lcpath, login, pass;\n local_var path, paths, pdir, port, rc, root, share, user, ver;\n\n paths = make_list();\n\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n pdir = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory\");\n if (pdir && stridx(tolower(pdir), \"%systemdrive%\") == 0)\n {\n root = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRoot\");\n if (!isnull(root))\n {\n share = ereg_replace(string:root, pattern:\"^([A-Za-z]):.*\", replace:\"\\1:\");\n pdir = share + substr(pdir, strlen(\"%systemdrive%\"));\n }\n }\n RegCloseKey(handle:hklm);\n close_registry(close:FALSE);\n\n if (!pdir)\n return NULL;\n\n ver = get_kb_item(\"SMB/WindowsVersion\");\n\n share = ereg_replace(string:pdir, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\n dirpat = ereg_replace(string:pdir, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\*\");\n\n port = kb_smb_transport();\n if (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n login = kb_smb_login();\n pass = kb_smb_password();\n domain = kb_smb_domain();\n\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\n if (rc != 1)\n {\n NetUseDel(close:FALSE);\n return NULL;\n }\n\n # 2000 / XP / 2003\n if (ver < 6)\n appdir += \"\\Local Settings\\Application Data\";\n # Vista / 7 / 2008\n else\n appdir += \"\\AppData\\Local\";\n\n paths = make_array();\n iter = FindFirstFile(pattern:dirpat);\n while (!isnull(iter[1]))\n {\n user = iter[1];\n iter = FindNextFile(handle:iter);\n\n if (user == \".\" || user == \"..\")\n continue;\n\n path = pdir + \"\\\" + user + appdir;\n\n lcpath = tolower(path);\n if (isnull(paths[lcpath]))\n paths[lcpath] = path;\n }\n\n NetUseDel(close:FALSE);\n\n return paths;\n}\n\nfunction check_vuln(file, fix, kb, key, min, paths)\n{\n local_var base, hklm, path, result, rc, share;\n\n if (!isnull(key))\n {\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n base = get_registry_value(handle:hklm, item:key);\n RegCloseKey(handle:hklm);\n close_registry(close:FALSE);\n\n if (isnull(base))\n return FALSE;\n }\n\n if (isnull(paths))\n paths = make_list(\"\");\n\n result = FALSE;\n foreach path (paths)\n {\n path = base + path;\n\n share = ereg_replace(string:path, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\n if (!is_accessible_share(share:share))\n continue;\n\n rc = hotfix_check_fversion(file:file, version:fix, min_version:min, path:path, bulletin:bulletin, kb:kb);\n\n if (rc == HCF_OLDER)\n result = TRUE;\n }\n\n return result;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS12-039\";\nkbs = make_list(\"2693282\", \"2693283\", \"2696031\", \"2702444\", \"2708980\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# Add an extra node to the registry key if needed.\narch = get_kb_item_or_exit(\"SMB/ARCH\", exit_code:1);\nif (arch == \"x64\")\n extra = \"\\Wow6432Node\";\n\n######################################################################\n# Microsoft Communicator 2007 R2\n######################################################################\nvuln = check_vuln(\n key : \"SOFTWARE\\Microsoft\\Communicator\\InstallationDirectory\",\n file : \"Communicator.exe\",\n min : \"3.5.0.0\",\n fix : \"3.5.6907.253\",\n kb : \"2708980\"\n);\n\n######################################################################\n# Microsoft Lync 2010\n######################################################################\nif (!vuln)\n{\n vuln = check_vuln(\n key : \"SOFTWARE\" + extra + \"\\Microsoft\\Communicator\\InstallationDirectory\",\n file : \"Communicator.exe\",\n min : \"4.0.0.0\",\n fix : \"4.0.7577.4098\",\n kb : \"2693282\"\n );\n}\n\n######################################################################\n# Microsoft Lync 2010 Attendant\n######################################################################\nvuln = check_vuln(\n key : \"SOFTWARE\" + extra + \"\\Microsoft\\Attendant\\InstallationDirectory\",\n file : \"AttendantConsole.exe\",\n min : \"4.0.0.0\",\n fix : \"4.0.7577.4098\",\n kb : \"2702444\"\n) || vuln;\n\n######################################################################\n# Microsoft Lync 2010 Attendee (admin-level install)\n######################################################################\nvuln = check_vuln(\n key : \"SOFTWARE\\Microsoft\\AttendeeCommunicator\\InstallationDirectory\",\n file : \"CURes.dll\",\n min : \"4.0.0.0\",\n fix : \"4.0.7577.4098\",\n kb : \"2696031\"\n) || vuln;\n\n######################################################################\n# Microsoft Lync 2010 Attendee (user-level install)\n######################################################################\npaths = get_user_dirs();\n\nif (!isnull(paths))\n{\n vuln = check_vuln(\n paths : paths,\n file : \"\\Microsoft Lync Attendee\\System.dll\",\n min : \"4.0.0.0\",\n fix : \"4.0.60831.0\",\n kb : \"2693283\"\n ) || vuln;\n}\n\n# Disconnect from registry.\nclose_registry();\n\nif (vuln)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n set_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\n hotfix_security_hole();\n\n hotfix_check_fversion_end();\n exit(0);\n}\n\nhotfix_check_fversion_end();\nexit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:10", "description": "The remote host has an unspecified code execution vulnerability in the Win32k TrueType font parsing engine. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. A remote attacker could exploit this vulnerability by tricking a user into viewing a specially crafted TrueType font (e.g., via web or email). \n\nThis vulnerability is reportedly exploited by the Duqu malware and is being exploited in the wild.\n\nNote that this plugin has been deprecated on December 13, 2011 with the publication by Microsoft of MS11-087.", "cvss3": {}, "published": "2011-11-04T00:00:00", "type": "nessus", "title": "MS KB2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (DEPRECATED)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2017-08-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_KB2639658.NASL", "href": "https://www.tenable.com/plugins/nessus/56711", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# @DEPRECATED@\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56711);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_xref(name:\"CERT\", value:\"316553\");\n script_xref(name:\"MSKB\", value:\"2639658\");\n\n script_name(english:\"MS KB2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (DEPRECATED)\");\n script_summary(english:\"Checks permissions on t2embed.dll\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host has a code execution vulnerability in its\nfont parsing engine.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host has an unspecified code execution vulnerability in\nthe Win32k TrueType font parsing engine. Specially crafted TrueType\nfonts are not properly handled, which could allow arbitrary code\nexecution in kernel mode. A remote attacker could exploit this\nvulnerability by tricking a user into viewing a specially crafted\nTrueType font (e.g., via web or email). \n\nThis vulnerability is reportedly exploited by the Duqu malware and is\nbeing exploited in the wild.\n\nNote that this plugin has been deprecated on December 13, 2011 with\nthe publication by Microsoft of MS11-087.\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"http://www.crysys.hu/\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet\");\n # http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?70696c53\");\n script_set_attribute(attribute:\"see_also\",value:\"http://technet.microsoft.com/en-us/security/advisory/2639658\");\n script_set_attribute(attribute:\"see_also\",value:\"http://support.microsoft.com/kb/2639658\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the workaround referenced in Microsoft Security Advisory\n(2639658). This workaround may cause some fonts to display\nimproperly. Refer to the advisory for more information.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:TF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/04\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\", \"SMB/ARCH\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n# This script has been disabled and is intended to be blank.\n# Disabled on 2011/12/23. Deprecated by smb_nt_ms11-087.nasl.\nexit(0, \"Deprecated - replaced by smb_nt_ms11-087.nasl\");\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nACCESS_DENIED_ACE_TYPE = 1; # this should probably be put into an include file\n\n##\n# Opens the given file. Assumes an absolute path will be given and\n# the caller has already connected to the appropriate share.\n#\n# @anonparam path pathname of the file to open\n#\n# @return file handle for 'path' if it exists could be opened,\n# NULL otherwise\n##\nfunction open_file()\n{\n local_var path, fh;\n path = substr(_FCT_ANON_ARGS[0], 2); # strip leading drive information\n\n fh = CreateFile(\n file:path,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n\n return fh;\n}\n\n##\n# Gets the DACL of the given file\n#\n# @anonparam fh handle of the file to obtain the DACL for\n#\n# @return DACL associated with 'fh'\n##\nfunction get_dacl()\n{\n local_var fh, sd, dacl;\n fh = _FCT_ANON_ARGS[0];\n\n sd = GetSecurityInfo(handle:fh, level:DACL_SECURITY_INFORMATION);\n if (isnull(sd))\n {\n debug_print(\"Unable to access security descriptor.\");\n return NULL;\n }\n \n dacl = sd[3];\n if (isnull(dacl))\n {\n debug_print(\"Unable to retrieve DACL.\");\n return NULL;\n }\n \n dacl = parse_pdacl(blob:dacl);\n if (isnull(dacl))\n {\n debug_print(\"Error parsing DACL.\");\n return NULL;\n }\n\n return dacl;\n}\n\n##\n# Checks the permissions of the given file to see if the workaround\n# from MS KB2639658 is being used\n#\n# @anonparam path pathname of the file to check\n#\n# @return TRUE if the file exists and the workaround is not in place,\n# FALSE otherwise\n##\nfunction workaround_missing()\n{\n local_var path, fh, dacl, ace, sid, rights, type;\n path = _FCT_ANON_ARGS[0];\n\n fh = open_file(path);\n if (isnull(fh))\n {\n debug_print('Unable to open ' + path);\n return FALSE;\n }\n\n dacl = get_dacl(fh);\n CloseFile(handle:fh);\n if (isnull(dacl))\n {\n debug_print('Unable to get DACL for ' + path);\n return FALSE;\n }\n\n foreach ace (dacl)\n {\n ace = parse_dacl(blob:ace);\n if (isnull(ace))\n {\n debug_print(\"Error parsing ACE.\");\n continue;\n }\n \n rights = ace[0];\n type = ace[3];\n sid = sid2string(sid:ace[1]);\n if (isnull(sid))\n {\n debug_print(1, \"Error parsing SID.\");\n continue;\n }\n \n # Explicitly check for the workaround:\n # a 1) an deny ACE 2) for Everyone 3) for full access\n if (\n type == ACCESS_DENIED_ACE_TYPE &&\n sid == '1-1-0' &&\n rights & FILE_ALL_ACCESS == FILE_ALL_ACCESS\n )\n {\n return FALSE; # workaround exists, therefore workaround_missing is FALSE\n }\n }\n \n return TRUE; # if the ACE created by the workaround wasn't seen, the workaround is missing\n}\n \nget_kb_item_or_exit('SMB/WindowsVersion');\nif (hotfix_check_sp(xp:4, win2003:3, vista:3, win7:2) <= 0) exit(0, 'Host is not affected based on its version / service pack.');\nif (hotfix_check_server_core() == 1) exit(0, \"Windows Server Core installs are not affected.\");\n\narch = get_kb_item_or_exit('SMB/ARCH');\nroot = hotfix_get_systemroot();\npaths = NULL;\n\nif (hotfix_check_sp(xp:4, win2003:3) > 0)\n{\n # For 32-bit systems, enter the following command at an administrative command prompt:\n # Echo y| cacls \"%windir%\\system32\\t2embed.dll\" /E /P everyone:N\n if (arch == 'x86')\n paths = make_list(root + \"\\system32\\t2embed.dll\");\n\n # For 64-bit systems, enter the following command from an administrative command prompt:\n # Echo y| cacls \"%windir%\\system32\\t2embed.dll\" /E /P everyone:N\n # Echo y| cacls \"%windir%\\syswow64\\t2embed.dll\" /E /P everyone:N\n if (arch == 'x64')\n paths = make_list(root + \"\\system32\\t2embed.dll\", root + \"\\syswow64\\t2embed.dll\");\n}\nelse if (hotfix_check_sp(vista:3, win7:2) > 0)\n{\n # For 32-bit systems, enter the following command at an administrative command prompt:\n # Takeown.exe /f \"%windir%\\system32\\t2embed.dll\"\n # Icacls.exe \"%windir%\\system32\\t2embed.dll\" /deny everyone:(F)\n if (arch == 'x86')\n paths = make_list(root + \"\\system32\\t2embed.dll\");\n\n # For 64-bit systems, enter the following command at an administrative command prompt:\n # Takeown.exe /f \"%windir%\\system32\\t2embed.dll\"\n # Icacls.exe \"%windir%\\system32\\t2embed.dll\" /deny everyone:(F)\n # Takeown.exe /f \"%windir%\\syswow64\\t2embed.dll\"\n # Icacls.exe \"%windir%\\syswow64\\t2embed.dll\" /deny everyone:(F)\n if (arch == 'x64')\n paths = make_list(root + \"\\system32\\t2embed.dll\", root + \"\\syswow64\\t2embed.dll\");\n}\n\nif (isnull(paths))\n exit(0, 'The version of Windows installed on this host doesn\\'t appear to be affected.');\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:root);\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nif (!get_port_state(port))exit(1, \"Port \"+port+\" is not open.\");\n\nsoc = open_sock_tcp(port);\nif (!soc)exit(1, \"Failed to open a socket on port \"+port+\".\");\n\nsession_init(socket:soc, hostname:name);\nr = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif ( r != 1 )\n{\n NetUseDel();\n exit(1, \"Unable to access the '\" + share + \"' share.\");\n}\n\nvuln_paths = make_list();\n\nforeach path (paths)\n{\n if (workaround_missing(path))\n vuln_paths = make_list(vuln_paths, path);\n} \n\nNetUseDel();\n\nif (max_index(vuln_paths) == 0)\n{\n exit(0, 'The host is not affected.');\n}\nelse\n{\n if (max_index(vuln_paths) == 1) s = ' has';\n else s = 's have';\n\n report = '\\nThe following file' + s + ' not been modified by the workaround :\\n\\n' + join(vuln_paths, sep:'\\n') + '\\n';\n security_hole(port:port, extra:report);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:44", "description": "The remote host is running a version of the Windows kernel that is affected by a remote code execution vulnerability. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. A remote attacker could exploit this vulnerability by tricking a user into viewing a specially crafted TrueType font (e.g., via web or email).\n\nThis vulnerability is reportedly being exploited in the wild by the Duqu malware.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS11-087.NASL", "href": "https://www.tenable.com/plugins/nessus/57273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57273);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_xref(name:\"CERT\", value:\"316553\");\n script_xref(name:\"MSFT\", value:\"MS11-087\");\n script_xref(name:\"MSKB\", value:\"2639417\");\n\n script_name(english:\"MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)\");\n script_summary(english:\"Checks version of win32k.sys\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows kernel is affected by a remote code execution\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of the Windows kernel that is\naffected by a remote code execution vulnerability. Specially crafted\nTrueType fonts are not properly handled, which could allow arbitrary\ncode execution in kernel mode. A remote attacker could exploit this\nvulnerability by tricking a user into viewing a specially crafted\nTrueType font (e.g., via web or email).\n\nThis vulnerability is reportedly being exploited in the wild by the Duqu\nmalware.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.crysys.hu/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet\");\n # https://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5829938d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2639658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-087\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for Windows XP, 2003, Vista,\n2008, 7, and 2008 R2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS11-087';\nkb = '2639417';\n\nkbs = make_list(kb);\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 7 / 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.21866\", min_version:\"6.1.7601.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.17730\", min_version:\"6.1.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.21097\", min_version:\"6.1.7600.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.16920\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows Vista / 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.22745\", min_version:\"6.0.6002.22000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.18544\", min_version:\"6.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003 / XP 64-bit\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Win32k.sys\", version:\"5.2.3790.4938\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows XP 32-bit\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Win32k.sys\", version:\"5.1.2600.6178\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:24", "description": "The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data.\n (CVE-2011-3402)\n\n - A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159)\n\n - A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162)\n\n - A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2012-0164)\n\n - A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165)\n\n - A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167)\n\n - A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176)\n\n - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.\n (CVE-2012-0180)\n\n - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181)\n\n - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "nessus", "title": "MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0165", "CVE-2012-0167", "CVE-2012-0176", "CVE-2012-0180", "CVE-2012-0181", "CVE-2012-1848"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:office", "cpe:/a:microsoft:silverlight", "cpe:/a:microsoft:.net_framework"], "id": "SMB_NT_MS12-034.NASL", "href": "https://www.tenable.com/plugins/nessus/59042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59042);\n script_version(\"1.49\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2011-3402\",\n \"CVE-2012-0159\",\n \"CVE-2012-0162\",\n \"CVE-2012-0164\",\n \"CVE-2012-0165\",\n \"CVE-2012-0167\",\n \"CVE-2012-0176\",\n \"CVE-2012-0180\",\n \"CVE-2012-0181\",\n \"CVE-2012-1848\"\n );\n script_bugtraq_id(\n 50462,\n 53324,\n 53326,\n 53327,\n 53335,\n 53347,\n 53351,\n 53358,\n 53360,\n 53363\n );\n script_xref(name:\"MSFT\", value:\"MS12-034\");\n script_xref(name:\"IAVA\", value:\"2012-A-0079\");\n script_xref(name:\"EDB-ID\", value:\"18894\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-131\");\n script_xref(name:\"MSKB\", value:\"2589337\");\n script_xref(name:\"MSKB\", value:\"2596672\");\n script_xref(name:\"MSKB\", value:\"2596792\");\n script_xref(name:\"MSKB\", value:\"2598253\");\n script_xref(name:\"MSKB\", value:\"2636927\");\n script_xref(name:\"MSKB\", value:\"2656405\");\n script_xref(name:\"MSKB\", value:\"2656407\");\n script_xref(name:\"MSKB\", value:\"2656409\");\n script_xref(name:\"MSKB\", value:\"2656410\");\n script_xref(name:\"MSKB\", value:\"2656411\");\n script_xref(name:\"MSKB\", value:\"2658846\");\n script_xref(name:\"MSKB\", value:\"2659262\");\n script_xref(name:\"MSKB\", value:\"2660649\");\n script_xref(name:\"MSKB\", value:\"2676562\");\n script_xref(name:\"MSKB\", value:\"2686509\");\n script_xref(name:\"MSKB\", value:\"2690729\");\n\n script_name(english:\"MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)\");\n script_summary(english:\"Checks the version of multiple files.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Win32k TrueType font parsing engine\n that allows an unauthenticated, remote attacker to\n execute arbitrary code by convincing a user to open a\n Word document containing malicious font data.\n (CVE-2011-3402)\n\n - A flaw exists in the t2embed.dll module when parsing\n TrueType fonts. An unauthenticated, remote attacker can\n exploit this, via a crafted TTF file, to execute\n arbitrary code. (CVE-2012-0159)\n\n - A flaw exists in the .NET Framework due to a buffer\n allocation error when handling an XBAP or .NET\n application. An unauthenticated, remote attacker can\n exploit this, via a specially crafted application, to\n execute arbitrary code. (CVE-2012-0162)\n\n - A flaw exists in the .NET Framework due to an error\n when comparing the value of an index in a WPF\n application. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2012-0164)\n\n - A flaw exists in GDI+ when handling specially crafted\n EMF images that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2012-0165)\n\n - A heap buffer overflow condition exists in Microsoft\n Office in the GDI+ library when handling EMF images\n embedded in an Office document. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code by convincing a user to open a specially crafted\n document. (CVE-2012-0167)\n\n - A double-free error exists in agcore.dll when rendering\n XAML strings containing Hebrew Unicode glyphs of certain\n values. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code by convincing a user to\n visit a specially crafted web page. (CVE-2012-0176)\n\n - A privilege escalation vulnerability exists in the\n way the Windows kernel-mode driver manages the functions\n related to Windows and Messages handling. A local\n attacker can exploit this, via a specially crafted\n application, to gain elevated privileges.\n (CVE-2012-0180)\n\n - A privilege escalation vulnerability exists in the way\n the Windows kernel-mode driver manages Keyboard Layout\n files. A local attacker can exploit this, via a\n specially crafted application, to gain elevated\n privileges. (CVE-2012-0181)\n\n - A privilege escalation vulnerability exists in the way\n the Windows kernel-mode driver manages scrollbar\n calculations. A local attacker can exploit this, via a\n specially crafted application, to gain elevated\n privileges. (CVE-2012-1848)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-131/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Aug/60\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-034\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows XP, 2003, Vista,\n2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0,\n3.5.1, and 4.0; and Silverlight 4 and 5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:silverlight\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\n \"smb_hotfixes.nasl\",\n \"office_installed.nasl\",\n \"silverlight_detect.nasl\",\n \"ms_bulletin_checks_possible.nasl\"\n );\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS12-034';\nkbs = make_list(\n '2589337',\n '2596672',\n '2596672',\n '2596792',\n '2598253',\n '2636927',\n '2656405',\n '2656407',\n '2656409',\n '2656410',\n '2656411',\n '2658846',\n '2659262',\n '2660649',\n '2676562',\n '2686509',\n '2690729'\n);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nvuln = 0;\n\n#######################\n# KB2686509 #\n#######################\nwinver = get_kb_item('SMB/WindowsVersion');\nspver = get_kb_item('SMB/CSDVersion');\nprodname = get_kb_item('SMB/ProductName');\nif (spver)\n spver = int(ereg_replace(string:spver, pattern:'.*Service Pack ([0-9]).*', replace:\"\\1\"));\nif (\n winver && spver && prodname &&\n ((winver == '5.2' && spver == 2) ||\n (winver == '5.1' && spver == 3))\n)\n{\n if (winver == '5.2' && spver == 2 && 'XP' >< prodname)\n reg_name = \"SOFTWARE\\Microsoft\\Updates\\Windows XP Version 2003\\SP3\\KB2686509\\Description\";\n else if (winver == '5.2' && spver == 2)\n reg_name = \"SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP3\\KB2686509\\Description\";\n else if (winver == '5.1' && spver == 3)\n reg_name = \"SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB2686509\\Description\";\n\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n desc = get_registry_value(handle:hklm, item:reg_name);\n RegCloseKey(handle:hklm);\n close_registry();\n\n if (isnull(desc))\n {\n hotfix_add_report(' According to the registry, KB2686509 is missing.\\n', bulletin:bulletin, kb:\"2686509\");\n vuln++;\n }\n}\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\npath = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1$\", string:rootfile);\n\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\nhcf_init = TRUE;\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\noffice_versions = hotfix_check_office_version();\ncdir = hotfix_get_commonfilesdir();\n\n################################################################\n# Office Checks #\n################################################################\n\n#############################\n# Office 2003 SP3 KB2598253 #\n#############################\nif (office_versions[\"11.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n path = hotfix_get_officeprogramfilesdir(officever:'11.0') + \"\\Microsoft Office\\Office11\";\n\n if (hotfix_is_vulnerable(file:\"Gdiplus.dll\", version:\"11.0.8345.0\", min_version:\"11.0.0.0\", path:path, bulletin:bulletin, kb:'2598253'))\n vuln++;\n }\n}\n\n#############################\n# Office 2007 SP2 #\n# KB2596672, KB2596792 #\n#############################\nif (office_versions[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && (office_sp == 2 || office_sp == 3))\n {\n path = cdir + \"\\Microsoft Shared\\Office12\";\n if (hotfix_is_vulnerable(file:\"Ogl.dll\", version:\"12.0.6659.5000\", path:path, bulletin:bulletin, kb:'2596672'))\n vuln++;\n\n path = cdir + \"\\Microsoft SHared\\MODI\\12.0\";\n if (hotfix_is_vulnerable(file:\"Mspcore.dll\", version:\"12.0.6658.5001\", path:path, bulletin:bulletin, kb:'2596792'))\n vuln++;\n }\n}\n\n#############################\n# Office 2010 KB2589337 #\n#############################\nif (office_versions[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && (office_sp == 0 || office_sp == 1))\n {\n path = cdir + \"\\Microsoft Shared\\Office14\";\n if (hotfix_is_vulnerable(file:\"Ogl.dll\", version:\"14.0.6117.5001\", path:path, bulletin:bulletin, kb:'2589337'))\n vuln++;\n }\n}\n\n# Silverlight 4.x / 5.x\nslfix = NULL;\nslkb = NULL;\nver = get_kb_item(\"SMB/Silverlight/Version\");\nif (ver =~ '^4\\\\.' && ver_compare(ver:ver, fix:'4.1.10329.0') == -1)\n{\n slfix = '4.1.10329';\n slkb = '2690729';\n}\nelse if (ver =~ '^5\\\\.' && ver_compare(ver:ver, fix:'5.1.10411.0') == -1)\n{\n slfix = '5.1.10411';\n slkb = '2636927';\n}\nif (slfix)\n{\n path = get_kb_item(\"SMB/Silverlight/Path\");\n report +=\n '\\n Product : Microsoft Silverlight' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + slfix + '\\n';\n hotfix_add_report(report, bulletin:bulletin, kb:slkb);\n vuln++;\n}\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0)\n{\n if (vuln > 0)\n {\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n }\n else audit(AUDIT_OS_SP_NOT_VULN);\n}\n\nif (!is_accessible_share()) exit(1, \"is_accessible_share() failed.\");\n################################################################\n# .NET Framework Checks #\n################################################################\n\n\nnet3path = hotfix_get_programfilesdir() + \"\\Reference Assemblies\\Microsoft\\Framework\\v3.0\";\nif (!isnull(net3path))\n{\n # .NET Framework 3.0 on Windows XP / Windows Server 2003\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"3.0.6920.4021\", min_version:\"3.0.6920.0\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"3.0.6920.5810\", min_version:\"3.0.6920.5700\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"3.0.6920.4021\", min_version:\"3.0.6920.0\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"3.0.6920.5810\", min_version:\"3.0.6920.5700\", dir:net3path);\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656407\");\n vuln += missing;\n\n # .NET Framework 3.0 on Windows Vista / Windows Server 2008\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"3.0.6920.4213\", min_version:\"3.0.6920.0\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"3.0.6920.5794\", min_version:\"3.0.6920.5700\", dir:net3path);\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656409\");\n vuln += missing;\n\n # .NET Framework 3.5.1 on Windows 7 / Server 2008 R2\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"PresentationCore.dll\", version:\"3.0.6920.5809\", min_version:\"3.0.6920.5700\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"PresentationCore.dll\", version:\"3.0.6920.5005\", min_version:\"3.0.6920.5000\", dir:net3path);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656410\");\n vuln += missing;\n\n # .NET Framework 3.5.1 on Windows 7 SP1 / Server 2008 R2 SP1\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"PresentationCore.dll\", version:\"3.0.6920.5794\", min_version:\"3.0.6920.5700\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"PresentationCore.dll\", version:\"3.0.6920.5448\", min_version:\"3.0.6920.5000\", dir:net3path);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2633873\");\n vuln += missing;\n}\n# .NET Framework 4.0 on all supported versions of Windows\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656405\");\nvuln += missing;\n\n################################################################\n# Windows Checks #\n################################################################\n\n#######################\n# KB2676562 #\n#######################\nmissing = 0;\n# Windows 7 / 2008 R2\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.21955\", min_version:\"6.1.7601.21000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.17803\", min_version:\"6.1.7601.17000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.21179\", min_version:\"6.1.7600.20000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.16988\", min_version:\"6.1.7600.16000\", dir:\"\\system32\");\n\n# Windows Vista / 2008\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.22831\", min_version:\"6.0.6002.22000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.18607\", min_version:\"6.0.6002.18000\", dir:\"\\system32\");\n\n# Windows 2003 / XP 64-bit\nmissing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Win32k.sys\", version:\"5.2.3790.4980\", dir:\"\\system32\");\n\n# Windows XP 32-bit\nmissing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Win32k.sys\", version:\"5.1.2600.6206\", dir:\"\\system32\");\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:'2676562');\nvuln+= missing;\n\n################################\n# WinSxS Checks #\n################################\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:rootfile);\n\n#######################\n# KB2659262 #\n#######################\nkb = '2659262';\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft.windows.gdiplus', file_pat:'^gdiplus\\\\.dll$');\n\n# Windows XP / 2003\nvuln += hotfix_check_winsxs(os:'5.1', sp:3, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb);\nvuln += hotfix_check_winsxs(os:'5.2', sp:2, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb);\n\n# Windows Vista / 2008\nversions = make_list('5.2.6002.18581', '5.2.6002.22795', '6.0.6002.18581', '6.0.6002.22795');\nmax_versions = make_list('5.2.6002.20000', '5.2.6002.99999', '6.0.6002.20000', '6.0.6002.99999');\nvuln += hotfix_check_winsxs(os:'6.0', sp:2, files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);\n\n# Windows 7 / 2008 R2\nversions = make_list('5.2.7600.17007', '5.2.7600.21198', '5.2.7601.17825', '5.2.7601.21977', '6.1.7600.17007', '6.1.7600.21198', '6.1.7601.17825', '6.1.7601.21977');\nmax_versions = make_list('5.2.7600.20000', '5.2.7600.99999', '5.2.7601.20000', '5.2.7601.99999', '6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '6.1.7601.99999');\nvuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);\n\n#######################\n# KB2658846 #\n#######################\nkb = '2658846';\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft-windows-directwrite', file_pat:'^Dwrite\\\\.dll$');\n\n# Windows Vista / Windows Server 2008\nvuln += hotfix_check_winsxs(os:'6.0', files:files, versions:make_list('7.0.6002.18592', '7.0.6002.22807'), max_versions:make_list('7.0.6002.20000', '7.0.6002.99999'), bulletin:bulletin, kb:kb);\n\n# Windows 7 2008 R2\nversions = make_list('6.1.7600.16972', '6.1.7600.21162', '6.1.7601.17789', '6.1.7601.21935');\nmax_versions = make_list('6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '');\nvuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);\n\n#######################\n# KB2660649 #\n#######################\nkb = '2660649';\n\n# Windows XP / Windows Server 2003\n#(hotfix_check_sp(xp:4, win2003:3) > 0 && (version_cmp(a:ver, b:'1.7.2600.6189') >= 0)) ||\n\nbase_path = hotfix_get_programfilesdir();\nif (!base_path) base_path = hotfix_get_programfilesdirx86();\n\nif (!base_path) audit(AUDIT_PATH_NOT_DETERMINED, \"Common Files\");\n\nfull_path = hotfix_append_path(path:base_path, value:\"\\windows journal\");\n\nif (\n # Vista\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"jnwdrv.dll\", version:\"0.3.6002.22789\", min_version:\"0.3.6002.20000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"jnwdrv.dll\", version:\"0.3.6002.18579\", min_version:\"0.3.6002.18000\", path:full_path, bulletin:bulletin, kb:kb) ||\n\n # Windows 7\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7601.21955\", min_version:\"0.3.7601.18000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7601.17803\", min_version:\"0.3.7601.16000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7600.21179\", min_version:\"0.3.7600.18000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7600.16988\", min_version:\"0.3.7600.16000\", path:full_path, bulletin:bulletin, kb:kb)\n)\n vuln += 1;\nhotfix_check_fversion_end();\n#######################\n# Report #\n#######################\nif (vuln > 0)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2021-06-08T19:02:41", "description": "Font parsing vulnerabilities, unsafe DLL loading, crossite scripting.", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "securityvulns", "title": "Mictosoft Lync multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-1858", "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849"], "modified": "2012-06-13T00:00:00", "id": "SECURITYVULNS:VULN:12406", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12406", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution\r\nVulnerability (Remote Kernel)\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-129\r\nAugust 3, 2012\r\n\r\n- -- CVE ID:\r\nCVE-2012-0159\r\n\r\n- -- CVSS:\r\n10, AV:N/AC:L/Au:N/C:C/I:C/A:C\r\n\r\n- -- Affected Vendors:\r\nMicrosoft\r\n\r\n- -- Affected Products:\r\nMicrosoft Windows XP SP3\r\nMicrosoft Windows Vista\r\nMicrosoft Windows 7\r\n\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code from\r\nthe contact of kernelspace on vulnerable installations of Microsoft\r\nWindows. User interaction is required to exploit this vulnerability in that\r\nthe target must visit a malicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the kernel's support for TrueType font\r\nparsing of compound glyphs. A sign extension error exists in win32k.sys\r\nwhen processing compound glyphs having a total number of contours above\r\n0x7FFF. This can be exploited to corrupt kernel heap memory placed below\r\nthe space allocated for the "flags" buffer and potentially execute\r\narbitrary code in kernel space.\r\n\r\n- -- Vendor Response:\r\nMicrosoft has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://technet.microsoft.com/en-us/security/bulletin/ms12-039\r\n\r\n- -- Disclosure Timeline:\r\n2011-11-04 - Vulnerability reported to vendor\r\n2012-08-03 - Coordinated public release of advisory\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n* Alin Rad Pop (binaryproof)\r\n\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 10.2.0 (Build 1950)\r\nCharset: utf-8\r\n\r\nwsBVAwUBUBwqM1VtgMGTo1scAQKiCgf/d6FeYgGgRzwbN+PfzCyA7jU2TMEZzomm\r\nsCTQAOD+hpQGzwGk/gsZtbvh0NqzFtfoQ968pyrNHpA+x8B0ORry2C9v351Spz5E\r\nhnqxeOUd7IFnrjxcGLBMDBwFGVWeyTJTpT9oEW+sXNnDNy/Dcjok7LWlI+M4cvKa\r\nfB9XE7yT+qST/HLjYezvc8iazrJOxqeh4YYflrST7cCmAzqojcXSpZXYZxqgliuU\r\nOChxDT2QpWOyyY6y6dQKE/nVtC5kHT61sNjCVURtTSzPuZgjv6fbOqCrUW8OsOwC\r\nEzYTDrMpeWMP5FwzfnICPTK9nWp/hsHuV/BunebzjExdwrFu00u2jg==\r\n=bMzV\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-08-13T00:00:00", "type": "securityvulns", "title": "ZDI-12-129: Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:DOC:28350", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28350", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:16:44", "description": "Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution.", "cvss3": {}, "published": "2011-12-26T00:00:00", "type": "securityvulns", "title": "Microsoft Windows multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2011-3400", "CVE-2011-3397", "CVE-2011-3408", "CVE-2011-2018"], "modified": "2011-12-26T00:00:00", "id": "SECURITYVULNS:VULN:12090", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12090", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:16:46", "description": "TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabililities in .Net, Silverlight, font management, GDI+, window components, etc.", "cvss3": {}, "published": "2012-08-13T00:00:00", "type": "securityvulns", "title": "Microsoft Windows multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-0160", "CVE-2011-3402", "CVE-2012-0174", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0161", "CVE-2012-0165", "CVE-2012-0179", "CVE-2012-0178", "CVE-2012-0181"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:VULN:12357", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12357", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:51:05", "description": "A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper bounds checking when parsing specially crafted TrueType Font (TTF) files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted TTF file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system or lead to a local elevation of privilege condition.", "cvss3": {}, "published": "2015-05-18T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows TrueType Font File Parsing Code Execution - Ver2 (CVE-2011-3402)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2015-05-18T00:00:00", "id": "CPAI-2015-0735", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T12:31:17", "description": "A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper bounds checking when parsing specially crafted TrueType Font (TTF) files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted TTF file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system or lead to a local elevation of privilege condition.", "cvss3": {}, "published": "2011-11-06T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows TrueType Font File Parsing Code Execution (CVE-2011-3402)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2014-11-25T00:00:00", "id": "CPAI-2011-512", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T07:10:56", "description": "A remote code execution vulnerability has been reported in Microsoft Windows.", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Malformed TrueType Font Remote Code Execution (MS12-034; CVE-2012-0159)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-198", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2018-10-06T23:00:30", "description": "Font-parsing vulnerabilities weren\u2019t part of the security consciousness much until the discovery of [Duqu](<http://threatpost.com/mystery-duqu-102011>) at the end of 2011. The spy malware hooked into the Windows kernel through bugs in the TrueType font file parsing engine, and not only breathed new life into the concept of cyber espionage, but helped rejuvenate an interest in kernel-level vulnerabilities and exploits.\n\nAlready this year, there have been successful [sandbox bypasses leading to kernel compromises](<http://threatpost.com/using-kernel-exploits-bypass-sandboxes-fun-and-profit-031813/>) demonstrated at Pwn2Own and Black Hat EU. And every single Patch Tuesday release from Microsoft going back to last October has included patches for kernel bugs, including some being actively exploited in the wild. [The July Patch Tuesday updates](<http://threatpost.com/critical-truetype-font-parsing-vulnerabilities-addressed-in-patch-tuesday-updates/101232>) released this week were particularly noteworthy with three separate bulletins addressing vulnerabilities in seven different Microsoft products affected by the same [TrueType font flaw](<http://www.securelist.com/en/blog/9102/Microsoft_Updates_July_2013_Serious_flaws_in_IE_DirectShow_and_Multiple_TrueType_Font_Handling_Code_Paths>).\n\nThis dynamic seems to bust the myth that attackers are solely interested in Web-based vulnerabilities and attacks against Java or Adobe bugs. Kernel attacks may be difficult, but they deliver hackers what they covet most: root access to computers, complete system compromises, and the ability to remotely inject code on a whim. And let\u2019s not forget that kernel-based attacks are starting to go mainstream, given the fact that [the Duqu exploit has been folded into the Blackhole and Cool exploit kits](<http://malware.dontneedcoffee.com/2012/10/newcoolek.html>), even though most of these vulnerabilities, the [Duqu vulnernability](<http://threatpost.com/microsoft-patches-windows-flaw-exploited-duqu-121311/$post_id%25/>) included, have been patched.\n\nWhite hats\u2014and criminals\u2014have been paying particularly close attention to the TrueType font file exploits. Attacks like these are executed via an embedded malicious font file dropped into an Office document, such as a Word file. Once the user opens the malicious file\u2014delivered either via a spear phishing email or over the Web\u2014the exploit targets a [vulnerability in kernel -mode drivers that improperly handle malicious TrueType font files](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402>).\n\n\u201cTrueType font parsing is complicated and often maintains nested code. Its handling exercises code paths that expose both user-land and kernel mode vulnerabilities,\u201d said Kurt Baumgartner, principal security researcher at Kaspersky Lab. \u201cOn the Windows platform, much of the same code is maintained across versions of the OS. So the same vulnerability can be exploited across every version of the platform, although the exploit may need to be somewhat adapted to each OS version.\u201d\n\nThree July Patch Tuesday bulletins\u2014[MS13-052](<https://technet.microsoft.com/en-us/security/bulletin/ms13-052>), [M13-053](<https://technet.microsoft.com/en-us/security/bulletin/ms13-053>) and [MS13-054](<https://technet.microsoft.com/en-us/security/bulletin/ms13-054>)\u2014illustrate this point. Vulnerabilities in Microsoft Office, Lync, Visual Studio, .NET, Silverlight, and Windows components such as GDI+ were patched in relation to the TrueType flaw.\n\n\u201cTrueType vulnerabilities are difficult to exploit. But once they are, the exploits themselves can be reliable and difficult for antimalware solutions to handle,\u201d Baumgartner said. \u201cEven though the code abused by a TrueType exploit resides in the kernel, this portion of the kernel is different from and much less active than trying to deliver bits to highly active code handling network traffic, for example.\u201d\n\nThe fact that Microsoft has been patching kernel bugs with greater frequency could indicate a spike in hacker interest, TrueType- and OpenType-based are particularly attractive because they don\u2019t require user permission to interact with the core of the OS.\n\n\u201cRegarding TrueType Font (TTF) based attacks, it is important to note that not all TTF processing takes place in kernel-space. Depending on what vector is used to provide a crafted TTF, an attacker may get SYSTEM access or may just get access in the context of the affected process,\u201d said Craig Young, security researcher at Tripwire.\n\nAn exploit against the GDI+ vulnerability patched this week in MS13-054, Young said, would provide such kernel-space compromise of the system. Others, however, expose only the user-mode font processing and would not lead to complete system compromise.\n\n\u201cTrueType and OpenType font based attacks are definitely part of the mainstream attacker toolkit. These types of font files contain tables of data describing the curves as well as instructions which must be interpreted when rendering text,\u201d Young said. \u201cThis complexity makes it possible to have nice looking typesets but it also makes fonts very attractive to attackers due to the large attack surface and kernel involvement.\u201d\n\n\u201cCreating an exploit capable of reliable code execution on a modern operating system is always difficult but researchers and attackers have certainly had great success in doing so with various crafted fonts,\u201d Young added. \u201cOnce the crafted font has been developed, it is very easy to compromise victims by getting them to visit a web site or open a document. This technique can be quite effective as fonts are commonly rendered without asking user permission. It is a vector which lends itself very well to the spear-phishing and watering-hole techniques employed by APT as well as organized crime syndicates.\u201d\n\nIt\u2019s certainly true for white hats; Rahul Kashyap, chief security architect at virtualization security company Bromium told Threatpost in March that he and fellow research Rafal Wojtczuk followed Duqu\u2019s lead in exploiting TrueType vulnerabilities to access and own the kernel. They demonstrated at Black Hat EU how to use a commercial Windows-based sandbox called Sandboxie, which interfaces with the kernel in order for arbitrary code to run properly, to pull off a system compromise. With fonts, for example, Kashyap said a kernel call has to be made from the sandbox to the kernel; the sandbox has to allow the call to pass in order for, in this case, the font to render properly.\n\n\u201cDuqu exploited this vulnerability in font parsing to compromise the host. All of these kernel interfaces are bypassable by Duqu,\u201d Kashyap said. \u201cUsing several exploits for bugs in the way calls are handled by the kernel, it was easy to get a blue screen.\u201d\n\nThe trick is in the fact that the sandbox doesn\u2019t intercept font parsing calls to the kernel for performance reasons and the fonts would not be processed properly, he said.\n\n\u201cThere is a lot of exposure from the OS kernel that people don\u2019t realize,\u201d he said. \u201cThe moment you compromise the kernel, you have the same privileges as the kernel. You can disable the sandbox, access other programs and data and breach everything out there. With most Java exploits, for example, you still have to do privilege escalation. With the kernel, this is the worst-case scenario.\u201d\n", "cvss3": {}, "published": "2013-07-11T14:10:56", "type": "threatpost", "title": "TrueType Font Exploits Gateway to Kernel Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2013-07-15T20:14:36", "id": "THREATPOST:770B6E17E4B8181D31E215933E54652B", "href": "https://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kernel/101263/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:04:21", "description": "[Stuxnet](<https://threatpost.com/stuxnet-authors-made-several-basic-errors-011811/>) has become the bogeyman of Internt security and cyberwar, showing up in marketing pitches, PowerPoint presentations and press releases from Washington to Silicon Valley to Tehran. But while Stuxnet has been garnering headlines for more than a year now, the far more serious threat in terms of ![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07064817/costin_raiu_2.thumbnail_01.jpg)potential long-term damage has turned out to be [Duqu](<https://threatpost.com/anatomy-duqu-attacks-112111/>). The malware first came to light in September, but it may have been circulating four or five months before that. Its customizable, modular architecture has been a challenge for researchers seeking to understand its operation and its creators\u2019 intentions. Threatpost editor Dennis Fisher spoke with Costin Raiu, one of the main researchers working on Duqu at Kaspersky Lab, about the relationship between Stuxnet and Duqu, the possible identity of the attackers and the investigation into its architecture.\n\n**Dennis Fisher**: So, let\u2019s try and start at the beginning here. Duqu first sort of popped up a few weeks ago. How exactly was it found? And how did it initially start getting connected to Stuxnet? \n****\n\n**Costin Raiu**: Right. Okay, so, to be honest, the first reports of Duqu came up in September actually, not October. And we heard about it in a very interesting way. A colleague working for another company sent us a binary, and we searched for the MD5 of that binary on the Internet. So, we found a very interesting weblog page which was apparently maintained by a Hungarian researcher. And he was saying something like, \u201cLooking for friends or foes of this specific MD5 to talk about it.\u201d So, we thought it was very curious, very interesting. We looked at the binary. And the binary itself was interesting. First of all, there was, like, no Internet connection whatsoever. So, the only thing which the binary was doing when called with a special parameter called XXX. So, if you have executed this binary without putting the XXX parameter, then nothing happens. But, if you invoke it with this specific marker, then interesting things happen such as intercepting keystrokes, taking captures of the screen, dumping the configuration of your computer. And all this basically happens in background.\n\nAnd also, data is written to a file in your temporary folder. And this file, first of all, it is compressed. And it collects all this information. So, basically, it grows bigger and bigger and bigger. And this file has a very interesting name which is the tilde character and then DQ and then a number dot TMP.\n\nSo, basically, we observed this this specific Trojan, which we received back in September, it was collecting all sorts of information from your system and dumping it into this file, but not sending it anywhere. So, that was very, very interesting. Why would anybody write a Trojan which steals information but doesn\u2019t send it anywhere? \n****\n\n**Dennis Fishe**r: Right? \n****\n\n**Costin Raiu**: So, that seemed very odd to us. And to be honest, we didn\u2019t think it was really important or anything special simply because it didn\u2019t seem to do anything malicious except collect information about your system in a local file. \n****\n\n**Dennis Fisher**: And so, after that, a deeper analysis sort of uncovered the fact that that was only one component of the malware, right? \n****\n\n**Costin Raiu**: Right. So, later \u2013 basically, one month later, there was a public news about the Duqu and the fact that there were multiple components. And the file which we received in September was just one of the modules of this sophisticated hacking toolkit. So, then you understand that the way Duqu was written is to make it very hard to detect. Every single component by itself could be meaningless. But when you put them together, basically, interesting things start to happen.\n\nSo, this Trojan, the info stealer \u2013 the so-called \u201cinfo stealer\u201d component \u2013 which collects information from your system, does not get installed in the initial attack. So, you get infected with Duqu, and this only happens through a targeted attack. So \u2013 and by the way, I think it\u2019s very important to point out that if you got infected with Duqu, and if you\u2019re listening to us right now, then the first thing that you should know that you\u2019re probably part of a very, very limited number of people in the world. You\u2019re part of an elite, so to say, which had the privilege and the \u2013 okay \u2013 bad luck of getting infected with this sophisticated cyber espionage tool. \n****\n\n**Dennis Fisher**: So, you should feel special. \n****\n\n**Costin Raiu**: Absolutely. Actually, we pretty much think that every single victim of Duqu is special from a specific point of view, which we cannot disclose for obvious reasons. \n****\n\n**Dennis Fisher**: Yeah. \n****\n\n**Costin Raiu**: But I hope that, actually, we will be able to tell it at some point in time. And basically, when you get infected with Duqu, it\u2019s simple, let\u2019s say, the basic infrastructure. And then it connects to a command-and-control center which is hardcoded into its configuration files, and it begins \u2013 it starts to receive new modules like the info stealer. And the info stealer, as I was saying, it doesn\u2019t do many suspicious things except, okay, intercepting keyboard or, like, making screenshots. But, the file is stored to disk. So, the other, let\u2019s say, components, basically, the Duqu infrastructure is responsible for transferring the file from your disk to the command-and-control center and from there to the attacker.\n\nAnd I guess, it\u2019s also important to point out that, due to the way the Duqu, let\u2019s say, infrastructure has been designed, they created it in such a way that they leave as little footprints, fingerprints, as possible. So, dynamic process injection, no temporary files, no \u2013 especially for executables and modules no temporary files are created. So, they get the module from the command-and-control, and they inject it directly into another process without creating any temporary files, and they launch the code there. So, very, very careful, I think, they\u2019re very careful to make sure that these parts, these modules of Duqu, do not get left behind and they do not get discovered. \n****\n\n**Dennis Fisher**: Okay. It appears that they\u2019re using not only a different command-and-control for just about every attack, but they\u2019re creating separate drivers and different files for each target that they\u2019re going after. Is that the way it\u2019s working? \n****\n\n**Costin Raiu**: Yes. And this is \u2013 well, basically, this is all related to the encryption which is employed in Duqu. So, it\u2019s a \u2013 if you\u2019re familiar with the nesting dolls, the Russian matryoshkas, we can pretty much say the same. So, basically, you get a Word document by e-mail. And this Word document contains the exploit for the CVE-2011-3402 vulnerability.\n\nAnd the \u2013 inside the Word document, there is an embedded TrueType font file. The embedded TrueType font file which contains the exploit for this vulnerability, basically, inside this TrueType font file, the exploit is encrypted. So, the exploit decrypts itself in memory, does a number \u2013 a couple of checks, and then it fires up a loader.\n\nSo, basically, at every single point, they make sure that they delete whatever steps happened before, and they transfer control to the next module. And there are a number of different drivers and different modules which are responsible for extracting the Duqu components to disk. And basically, there are three files which get created on disk. There is one SYS driver file. There is a small PNF file, a configuration file. There is a big PNF file, so the extension is .PNF. And by the way, Stuxnet used the same extensions and this kind of similar mechanism to infect computers and install \u2013 basically, to install itself in computers. \n****\n\n**Dennis Fisher**: Okay. \n****\n\n**Costin Raiu**: So, yet another thing which is similar between Duqu and Stuxnet. And the reason why they\u2019re using unique \u2013 kind of unique sets for each target, I guess they also use different encryption, so this makes it harder to detect. Imagine that you add detection for one specific version of the toolkit without knowing that there are other victims. All the other victims, basically, they all have sets encrypted with different keys. So, it\u2019s very tailored. It\u2019s very, very targeted. And as I was saying, not just the encryption is different, but almost in every single case, they use a different command-and-control center. \n****\n\n**Dennis Fisher**: Which makes it, obviously, harder to backtrack to the CnC servers. And I know that one was taken down in India, and some others have been identified, but that\u2019s after the fact, right? It\u2019s after the targets have already been compromised. \n****\n\n**Costin Raiu**: Yeah, absolutely. And well, as far as I know, there is only one \u2013 just one organization in the world which has the chance to see and kind of to play with a live Duqu command-and-control center, and that was the Hungarian research lab CrySyS. So, they had a couple of days during which they could play with the command-and-control in India, this one that you mentioned. And according to their research, this server was up for a kind of long time. So, for some specific reason, they kind of prefer this command-and-control server in India.\n\nBut as you were saying, we\u2019re also aware of other command-and-control center which Duqu used. And actually, at the moment, we are kind of looking into this issue very, very deeply, so to say. Probably, I guess the number of command-and-control centers should be close to a dozen, I guess. \n****\n\n**Dennis Fisher**: Can you estimate the number of infections that you know about at this point? Can you give us a range, like, between 1 and 100? \n****\n\n**Costin Raiu**: Yes. I would suspect less than 50. \n****\n\n**Dennis Fisher**: Wow. \n****\n\n**Costin Raiu**: Of course, I may be wrong, but this is what I suspect \u2013 somewhere less than 50 infections around the world. So, very, very, very small number, actually, and very, very specific targets. \n****\n\n**Dennis Fisher**: And you mention that there\u2019s \u2013 it took a while to figure out the complete picture of what Duqu was doing, because at first you just saw the info stealer component, and then you started seeing these other components. Are you confident at this point that you\u2019ve found all of the components of at least the one specific version of Duqu? \n****\n\n**Costin Raiu**: No, definitely not. \n****\n\n**Dennis Fisher**: Okay. \n****\n\n**Costin Raiu**: So, actually, I\u2019m sure of the opposite. I\u2019m sure that we haven\u2019t seen all the single components. And basically, we are aware of only two different info stealer components. One of them is the original one that was located by CrySyS, and it\u2019s a very, very strange case and a big question mark for everybody what happened in that case. So, on the machine where they found this file on disk, and remember that I said that they do not create these files on disk. Instead, they run them directly from memory. \nBut, what I think that happened here is the following. Basically, if you download the modules from the command-and-control server and you run them dynamically, then the next time the system is rebooted, they lose the ability to intercept what\u2019s going on. And for probably for very high profile targets, they need this capability. They need this persistence. So, they need to be able to continue to sniff passwords and to make screenshots and to steal files even after reboot, so they need to survive after reboots.\n\nAnd I suspect that in that case they dumped the info stealer component to disk and choose \u2013 forced it to execute every time they needed it or on every boot. So, I think this could be one explanation, because the other info stealer that we are aware of that was intercepted on 18th of October, that one was never written to disk. So, it was, basically, sniffed from the network traffic. \n****\n\n**Dennis Fisher**: Wow. \n****\n\n**Costin Raiu**: And how do I know that actually there are more info stealer components? Basically, it\u2019s easy. The info stealer component that we have creates files, as I was saying, with the DQ name. But, we have also been able to identify compromised, like infected, customers which had files, now not just DQ files, but also DF files and DO files. And these are very interesting, particularly the DF files, because the DF files, they are a bit different from the DQ files from the point of view that they have documents inside.\n\nSo, they must have been created by a specific version of the info stealer which was collecting documents from disk, documents such as Word files, Excel files, source codes, AutoCAD documents and so on. And this specific version which creates the DF files and steals documents, we do not have. And this probably exist at the \u2013 I \u2013 we suspect that it existed somewhere around April, May, June. But later, it kind of disappeared, so the guys behind Duqu stopped using it. \n****\n\n**Dennis Fisher**: So, for one reason or another, they moved onto a different tactic? \n****\n\n**Costin Raiu**: Yeah, they removed this functionality from the info stealer. \n****\n\n**Dennis Fisher**: So, that\u2019s a fairly good indication that they\u2019re obviously paying attention to what\u2019s going on, and they\u2019re adjusting as they go along for each specific target that they\u2019re interested in. \n****\n\n**Costin Raiu**: Absolutely.\n\n_This is part one of an edited transcript of a [podcast with Costin Raiu](<https://threatpost.com/costin-raiu-duqu-stuxnet-and-targeted-attacks-111611/>). The second part will run tomorrow._\n", "cvss3": {}, "published": "2011-11-21T15:51:38", "type": "threatpost", "title": "Anatomy of the Duqu Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2018-08-15T10:10:52", "id": "THREATPOST:A16EDEF0DAAD6325A7D930BE82C2B01C", "href": "https://threatpost.com/anatomy-duqu-attacks-112111/75916/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:04:29", "description": "A few months after the hysteria around Stuxnet had died down, officials in Iran announced in April that some sensitive systems in the government\u2019s networks had been attacked by a [new piece of malware, known then as Stars](<https://threatpost.com/new-stars-malware-said-target-iran-042511/>). It now appears that attack was, in fact, the first appearance of an early version of [Duqu](<https://threatpost.com/duqu-installer-contains-windows-kernel-zero-day-110111/>), the most recent in a line of sophisticated attack tools that experts say have been designed to take out specific targets in a variety of sensitive networks.\n\nAn [analysis of the April attack](<http://www.securelist.com/en/blog/208193211/Duqu_First_Spotted_as_Stars_Malware_in_Iran>) shows that some of the machines that were infected by Stars were compromised using the same Windows kernel vulnerability that\u2019s contained in the Duqu installer. That flaw was unknown publicly until this week when information on the vulnerability emerged, which Microsoft later confirmed. The company has released a workaround for the bug, which is in the TrueType font parsing engine, and says it is working on a permanent patch for it, as well.\n\nSome of the targets of Duqu have been compromised using malicious Word documents containing exploit code for the TrueType bug, which is [CVE-2011-3402](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402>). Researchers have not yet discovered a spreading mechanism for Duqu, if there is one, and it appears at the moment that the malware is being used only for attacks against carefully selected targets in a small number of countries. Among the countries in which infections have been confirmed are Sudan and Iran. Because Duqu is using a Windows kernel vulnerability as its infection method, it does not seem that the attackers are going after control systems at nuclear facilities, as Stuxnet did, but rather are likely going after PCs in key places.\n\nResearchers have found that Duqu has an architecture that is different from Stuxnet\u2019s, although the two tools do share some code-level similarities. [Duqu appears to be a customizable attack framework](<https://threatpost.com/stars-attack-iran-was-early-version-duqu-110511/>) that can be modified for any number of purposes by the individual attacker, and researchers have discovered that many known infected machines contained drivers for Duqu that were unique and not shared by other infected PCs. \n", "cvss3": {}, "published": "2011-11-05T21:08:37", "type": "threatpost", "title": "Stars Attack on Iran Was Early Version of Duqu", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2013-04-17T16:33:24", "id": "THREATPOST:7A66D3AC7210BC6168B3777DC0419A88", "href": "https://threatpost.com/stars-attack-iran-was-early-version-duqu-110511/75857/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:08", "description": "![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07065636/windowssmall.jpg)Microsoft released seven bulletins fixing 23 vulnerabilities in their patch Tuesday announcement today. The Redmond, Wash., software giant rated three of the bulletins as \u2018critical,\u2019 all of which could lead to remote code execution, and the remaining four as \u2018important.\u2019\n\nThe first critical bulletin resolves a privately reported bug in Microsoft Office through which an attacker could remotely execute code after the user opens a specially crafted RTF file. Upon successful exploitation, the attacker would possess the same user rights as the current user. Users with fewer user rights would be less impacted than those that operate with administrative user rights.\n\nThe second patch resolves three publicly disclosed bugs and seven privately disclosed ones in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. These could also lead to remote code execution if an attacker can find a way to trick users into opening a specially crafted document or visiting a webpage that embeds TrueType font files.\n\nThis set of vulnerabilities fixed by the MS12-034 patch is designed to fix one of the vulnerabilities exploited by the Duqu malware. Microsoft had already patched that bug in other applications, but in the last few months it had discovered that a snippet of code that was part of the CVE-2011-3402 vulnerability was present in other places in Microsoft products, as well.\n\n\u201cIn the time since we shipped MS11-087, we discovered that several Microsoft products contained a copy of win32k.sys\u2019s font parsing code. Unfortunately, each copy of the code also contained the vulnerability addressed by MS11-087. The most troublesome copy was in gdiplus.dll. We know that several third party applications \u2013 3rd party browsers in particular \u2013 might use gdiplus.dll to parse and render custom fonts. Microsoft Office\u2019s version of gdiplus, called ogl.dll, also contained a copy of the vulnerable code. Silverlight included a copy of the vulnerable code. And the Windows Journal viewer included a copy of the vulnerable code,\u201d Microsoft said in a blog post today. \n\n\u201cIn addition to addressing the vulnerabilities described in the bulletin, this security update also closes the malicious keyboard layout file attack vector. Windows Vista introduced a requirement that all keyboard layout files be loaded from %windir%system32. MS12-034 ports that change downlevel to Windows XP and Windows Server 2003 as well.\u201d\n\nThe last critically rated patch fixes two privately reported vulnerabilities in Windows and the .NET Framework. These could allow for remote code execution on client systems where the user views a specially crafted webpage that can run XAML browser applications. Again, users with fewer rights are less impacted.\n\nAs for the four important patches remaining, the first resolves six vulnerabilities in Microsoft office and the second resolves one vulnerability in Microsoft Visio viewer. Both vulnerabilities, if left unpatched, could lead to remote code execution. The last two important patches could both lead to elevation of privileges. The first resolves two bugs in TCP/IP and the second resolves a vulnerability in Windows Partition Manager.\n\nYou can find the bulletin summary [here](<http://technet.microsoft.com/en-us/security/bulletin/ms12-may>) on Microsoft\u2019 TechNet blog.\n", "cvss3": {}, "published": "2012-05-08T18:22:19", "type": "threatpost", "title": "Microsoft Ships Seven Bulletins Fixing 23 Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2013-04-17T20:03:35", "id": "THREATPOST:10E07EA1EC79D258B439B4CA2F562B51", "href": "https://threatpost.com/microsoft-ships-seven-bulletins-fixing-23-bugs-050812/76540/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:00:20", "description": "The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit.\n\nAccording to [a post on Securelist today](<http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php#page_top>), Vincente Diaz, a researcher with Kaspersky Lab, discovered counter.php while looking into some of the more popular Web attacks in Spain during the past three months. One bit of code in particular, Trojan.JS.iframe.aeq, jumped out at him.\n\nAt the end of that source code was counter.php, a malicious redirect that uses an iFrame that initially began popping up in Japan and Spain in [February and March](<http://michajp.blogspot.jp/2013/03/malicious-counterphp.html>) of this year.\n\nCounter.php in turn led Diaz to stumble upon a site passing out the Styx exploit kit, a pricey $3,000 toolkit that enjoyed its peak of popularity earlier this spring.\n\nThanks to a relatively new botnet named [Fort Disco](<http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-websites/101723>), researchers found a PHP-redirector earlier this month that also sent victims to sites hosting Styx, suggesting the malicious sites in both situations are one in the same.\n\nAccording to Diaz the exploit kit runs a script function called PluginDetect to profile the victim and determine which version of Java the user is running. It then exploits one of a handful of \u2013 mostly Java \u2013 vulnerabilities:\n\n * \u201cjorg.html\u201d CVE-2013-0422\n * \u201cjlnp.html\u201d CVE-2013-2423\n * \u201cpdfx.html loads \u201cfnts.html\u201d CVE-2011-3402\n * \u201cjovf.html\u201d CVE-2013-1493\n * and downloads a .pdf file CVE-2010-0188\n\nDiaz goes on to describe how the sites passing out Styx may have gotten infected, suggesting their FTP accounts may have been compromised. After contacting the sites\u2019 corresponding hosting companies though, Diaz was able to glean a little more about the most recent iteration of counter.php.\n\nLooking at the functions and strings, \u201cwhen users are redirected to counter.php, then there is a second redirection to stat.php,\u201d a filter that helps the kit avoid reinfections and avoid signature detection.\n\n\u201cAs stat.php does not check that the parameter IP is the remote address, now we know how to create requests for getting samples from the exploit kit,\u201d Diaz said.\n\nIf all this wasn\u2019t enough, it goes on to install a dropper that downloads a fake antivirus or ZeroAccess Trojan to the infected machine, according to the blog post. Further analysis of that malware is forthcoming, but for Diaz\u2019s in-depth account on Counter.php and how he found the Styx kits, head [here](<http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php#page_top>).\n", "cvss3": {}, "published": "2013-08-12T14:52:37", "type": "threatpost", "title": "Counter.php Redirecting to Sites Peddling Styx Exploit Kit", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2011-3402", "CVE-2013-0422", "CVE-2013-1493", "CVE-2013-2423"], "modified": "2013-08-12T18:52:37", "id": "THREATPOST:EE3F3A8389237EB34791DBD9A0F1066E", "href": "https://threatpost.com/counter-php-found-redirecting-to-sites-peddling-styx-exploit-kit/101967/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2021-01-01T22:43:11", "description": "<html><body>Resolves a vulnerability in Microsoft Windows that could allow remote code execution.<h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS11-087. To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users: <div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201112.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201112.aspx</a></div>Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now: <div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals: <div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms11-087\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS11-087</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a> Security solutions for IT professionals: <a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a> Help protect your computer that is running Windows from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a> Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a> </div><h2>Fix it for me</h2><div class=\"kb-resolution-section section\">A Fix it solution is available to enable the workaround for CVE-2011-3402. The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios. For more information about this workaround, visit the following Microsoft Security Advisory webpage: <div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms11-087\" id=\"kb-link-9\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS11-087</a></div> The bulletin provides more information about the issue and includes the following: <ul class=\"sbody-free_list\"><li>The scenarios in which you might apply or disable the workaround</li><li>Mitigating factors</li><li>Workarounds</li><li>Frequently asked questions</li></ul>Specifically, to see this information, expand the Workarounds section that is related to CVE-2011-3402. To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard. <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Enable</th><th class=\"sbody-th\">Disable</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9788941\" text=\"Download\"></div></td><td class=\"sbody-td\"><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9788942\" text=\"Download\"></div></td></tr></table></div>Notes<ul class=\"sbody-free_list\"><li>These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.</li><li>If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem. </li></ul><h3 class=\"sbody-h3\">Known issues with this workaround</h3><ul class=\"sbody-free_list\"><li>Applications that have functionality that relies on the T2embed.dll file, such as applications that generate PDF files, may not work as expected. For example, Microsoft Office software will be unable to generate PDF files.</li><li>After you apply this workaround on a system that is running Windows XP or Windows Server 2003, you may be reoffered security updates 982132 and 972270. You will be unable to install these reoffered updates. The reoffering is a detection logic issue. Users who have previously applied both security updates successfully can ignore the reoffer. </li><li>Microsoft Office 2003 software that has the Microsoft Office Compatibility Pack installed may not open Microsoft Office PowerPoint 2007 (.pptx) files. Instead, you receive the following message: <div class=\"indent\"><div class=\"message\">This file was created by a newer version of Microsoft PowerPoint. Do you want to download a compatibility pack so that you can work with this file?</div></div> You receive this message even though the Microsoft Office Compatibility Pack is already installed.</li></ul></div><h2>FILE INFORMATION</h2><div class=\"kb-summary-section section\"> The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. <h3 class=\"sbody-h3\">Windows XP and Windows Server 2003 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the \"SP requirement\" and \"Service branch\" columns.</li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.</li><li>In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows XP</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.1.2600.6178</td><td class=\"sbody-td\">1,859,584</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:25</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP3</td><td class=\"sbody-td\">SP3GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.1.2600.6178</td><td class=\"sbody-td\">1,868,544</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:29</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP3</td><td class=\"sbody-td\">SP3QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">4,573,184</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:35</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">4,591,616</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:30</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">1,861,632</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">14:36</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">1,872,384</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">14:17</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">5,602,816</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:33</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">5,621,248</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:30</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h3 class=\"sbody-h3\">Windows Vista and Windows Server 2008 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table: <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">Version</td><td class=\"sbody-td\">Product</td><td class=\"sbody-td\">Milestone</td><td class=\"sbody-td\">Service branch</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.6002.18xxx</td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.6002.22xxx</td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li><li>The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are <a bookmark-id=\"manifests\" href=\"#manifests\" managed-link=\"\" target=\"\">listed separately</a>. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.18544</td><td class=\"sbody-td\">2,043,904</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.22745</td><td class=\"sbody-td\">2,052,096</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:35</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.18544</td><td class=\"sbody-td\">2,764,800</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:57</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.22745</td><td class=\"sbody-td\">2,767,360</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:36</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.18544</td><td class=\"sbody-td\">6,648,832</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:38</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.22745</td><td class=\"sbody-td\">6,658,560</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:36</td><td class=\"sbody-td\">IA-64</td></tr></table></div><h3 class=\"sbody-h3\">Additional file information for Windows Vista and Windows Server 2008</h3><a class=\"bookmark\" id=\"manifests\"></a><h4 class=\"sbody-h4\">Additional files for all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,385</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,102</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,227</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,940</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,227</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,940</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client_2_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,681</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client_2~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,708</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,446</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_1_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,677</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_1~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,704</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,418</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,438</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_1_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,681</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_1~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,708</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,446</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,020</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_15eba5e04425d1c3628cf15d7eddbc55_31bf3856ad364e35_6.0.6002.18544_none_7448bdbccd6ebb75.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_eeed88a208fc8cbf82e0cfad135f2acf_31bf3856ad364e35_6.0.6002.22745_none_5c51dbffe7a63743.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_bab2bc4a97c9dd3c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">6,543</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:30</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_bb3d5b45b0e69384.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">6,543</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:00</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_c167fb4d416ae4e2fce1560f36235fda_31bf3856ad364e35_6.0.6002.18544_none_27280981728ba91e.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_c1a5d0737a69a192855420416ff20a02_31bf3856ad364e35_6.0.6002.22745_none_f950ee30ac983cc5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_16d157ce50274e72.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">6,559</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:53</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_175bf6c9694404ba.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">6,559</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">15:44</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,611</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,552</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,451</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,388</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,451</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,388</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client_2_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,693</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client_2~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,720</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,434</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_client~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,454</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_1_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,689</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_1~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,716</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,446</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_1_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,693</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_1~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,720</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,434</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,454</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,044</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_212602208488106d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:16</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_21b0a11b9da4c6b5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">15:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_3c18e2254f71b97d54647447077058b8_31bf3856ad364e35_6.0.6002.18544_none_9ecc51e4eb6105d8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_abe3beb6ed278ac414180725ed4b99c3_31bf3856ad364e35_6.0.6002.22745_none_57a3ec69395f6964.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_bab4604097c7e638.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">6,551</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:03</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_bb3eff3bb0e49c80.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">6,551</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">15:30</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,281</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,212</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,281</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,212</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_1_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,521</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_1~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,544</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,422</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sc~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,441</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_1_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_1~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,548</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,430</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_server~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,449</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,221</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_212602208488106d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:16</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_21b0a11b9da4c6b5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">15:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h3 class=\"sbody-h3\">Windows 7 and Windows Server 2008 R2 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table: <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">Version</td><td class=\"sbody-td\">Product</td><td class=\"sbody-td\">Milestone</td><td class=\"sbody-td\">Service branch</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.7600.16xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.7600.20xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">LDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.7601.17xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.7601.21xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li><li>The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are <a bookmark-id=\"manifests7\" href=\"#manifests7\" managed-link=\"\" target=\"\">listed separately</a> in the \"Additional file information for Windows 7 and Windows Server 2008 R2\" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 7</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.16920</td><td class=\"sbody-td\">2,340,352</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:23</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.21097</td><td class=\"sbody-td\">2,349,568</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:26</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.17730</td><td class=\"sbody-td\">2,342,912</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:25</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.21866</td><td class=\"sbody-td\">2,350,080</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:21</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 7 and Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.16920</td><td class=\"sbody-td\">3,141,632</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">05:00</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.21097</td><td class=\"sbody-td\">3,146,240</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:52</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.17730</td><td class=\"sbody-td\">3,145,216</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:52</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.21866</td><td class=\"sbody-td\">3,146,752</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:45</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.16920</td><td class=\"sbody-td\">7,438,848</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:20</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.21097</td><td class=\"sbody-td\">7,443,968</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">03:58</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.17730</td><td class=\"sbody-td\">7,435,264</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">03:48</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.21866</td><td class=\"sbody-td\">7,442,944</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">03:46</td><td class=\"sbody-td\">IA-64</td></tr></table></div><h3 class=\"sbody-h3\">Additional file information for Windows 7 and Windows Server 2008 R2</h3><a class=\"bookmark\" id=\"manifests7\"></a><h4 class=\"sbody-h4\">Additional files for all supported x86-based versions of Windows 7</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,784</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,485</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,789</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,688</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,769</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,670</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_4_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,784</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_4_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,485</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_5_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,983</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_5_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,491</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_6_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,965</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_6_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,472</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_rtm_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,865</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_rtm~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,935</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sp1_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,894</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sp1~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,929</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,728</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_2741763af4537d13d2c9e548ebb3c51c_31bf3856ad364e35_6.1.7601.17730_none_77cdf54610460b0e.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_3bdc3aa11f4024df1b03f773970380d2_31bf3856ad364e35_6.1.7600.21097_none_ec41703668627eb3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_54f9830b5dfbe584cc365eb4e0d72ca4_31bf3856ad364e35_6.1.7601.21866_none_b0c4109ef6f3b462.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_e6bb1c633a80397320d17e389bc8fdb7_31bf3856ad364e35_6.1.7600.16920_none_0aaea0d21153d97c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_b905b957fbae27c2.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:21</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_b94a7ef114fe729f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:23</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_bae14671f8dcaf9f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:14</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_bb507535120d3b46.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported x64-based versions of Windows 7 and Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_74d86c10d10452a3743ae43b09539d17_31bf3856ad364e35_6.1.7600.16920_none_5722a410ab724a41.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_7b0773d126abef96929484e26a67350e_31bf3856ad364e35_6.1.7601.17730_none_9975b29df28fed78.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_7ddad16685d87477adb86abfb9208c3e_31bf3856ad364e35_6.1.7601.17730_none_ea0b830299b03835.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_8a3e064e710917bb05d489fbf816c5db_31bf3856ad364e35_6.1.7601.17730_none_cbcb63c5a1fd7ee8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_926678f7016626e47a8bb536262a41bc_31bf3856ad364e35_6.1.7600.21097_none_ac0fbd6391a8e4e0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_a0b06e36fc0e3802968c276ba76e3556_31bf3856ad364e35_6.1.7600.21097_none_09dc743827434fc9.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_a0bc39a3cead58baeb5eb09378ae3475_31bf3856ad364e35_6.1.7601.21866_none_e370dec30cc6e1a9.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_a2276a31acdc22b2fbabab381e073106_31bf3856ad364e35_6.1.7601.21866_none_57a71ae99b0f403b.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_a41541c05e59aeaec493256ee31c5a4d_31bf3856ad364e35_6.1.7600.21097_none_ef8e59c56928601a.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_b40bfc5a0b0f46bd8bf4963d9c741346_31bf3856ad364e35_6.1.7601.21866_none_71834d3285aed8db.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_b9d5caaa55e6b05a18b838c84ee0555b_31bf3856ad364e35_6.1.7600.16920_none_3cb0c7d4805673e8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_db68874f6aeb920a7f4b4137f287d04f_31bf3856ad364e35_6.1.7600.16920_none_418f3c763577979d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_152454dbb40b98f8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">08:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_15691a74cd5be3d5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">08:08</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_16ffe1f5b13a20d5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">08:09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_176f10b8ca6aac7c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">08:01</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,794</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,499</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,213</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,707</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,017</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,281</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_4_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,987</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_4_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,119</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_5_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,794</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_5_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,501</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_6_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,823</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_6_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,084</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_7_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,409</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_7_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,884</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_8_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,185</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_8_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,914</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_rtm_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,786</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_rtm~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,878</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sp1_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,783</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sp1~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,842</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,990</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_1f78ff2de86c5af3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_1fbdc4c701bca5d0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_21548c47e59ae2d0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:51</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_21c3bb0afecb6e77.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:51</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported IA-64-based versions of Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_3eb6d791624db9cd2569c8087bf58f07_31bf3856ad364e35_6.1.7600.16920_none_7317cd9bb3625d24.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_4a74b22f4b17ef479dc0e1873f9bb598_31bf3856ad364e35_6.1.7600.21097_none_84ad772c089e76b1.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_55d649c2beeca864af2ae84d9b9c28b8_31bf3856ad364e35_6.1.7601.21866_none_f5669d7aab0b38bb.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_d2652e0580629bb11ad6ac51b98cbb54_31bf3856ad364e35_6.1.7601.17730_none_427afdc38a525e76.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_b9075d4dfbac30be.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,088</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:37</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_b94c22e714fc7b9b.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,088</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:42</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_bae2ea67f8dab89b.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,088</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:37</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_bb52192b120b4442.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">42,088</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">07:34</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,002</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">3,128</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,197</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">2,925</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_rtm_bf~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,458</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_rtm~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,477</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sp1_bf~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,436</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Package_for_kb2639417_sp1~31bf3856ad364e35~ia64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,455</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">1,918</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_1f78ff2de86c5af3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_1fbdc4c701bca5d0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_21548c47e59ae2d0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:51</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File name</td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_21c3bb0afecb6e77.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File version</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">File size</td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Date (UTC)</td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Time (UTC)</td><td class=\"sbody-td\">06:51</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Platform</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div></div></body></html>", "edition": 2, "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "mskb", "title": "MS11-087: Vulnerability in Windows kernel-mode drivers could allow remote code execution: December 13, 2011", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2012-05-08T16:01:10", "id": "KB2639417", "href": "https://support.microsoft.com/en-us/help/2639417/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:47:17", "description": "<html><body>Resolves a vulnerability in the .NET Framework and Silverlight that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run Silverlight applications or XAML Browser Applications (XBAPs).<h2>Introduction</h2><div class=\"kb-summary-section section\">Microsoft has released the security bulletin MS12-034. You can view the complete security bulletin by visiting one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users: <a href=\"http://www.microsoft.com/security/pc-security/bulletins/201205.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201205.aspx</a></li><li>IT professionals: <a href=\"http://technet.microsoft.com/security/bulletin/ms12-034\" id=\"kb-link-2\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-034</a></li></ul></div><h2></h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-3\" target=\"_self\">Support for Microsoft Update</a> Security solutions for IT professionals: <a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-4\" target=\"_self\">TechNet Security Troubleshooting and Support</a> Help protect your computer that is running Windows from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-5\" target=\"_self\">Virus Solution and Security Center</a> Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-6\" target=\"_self\">International Support</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Additional information about this update</h4>The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as download URL, prerequisites and command line switches. <ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2656405\" id=\"kb-link-7\">2656405 </a> MS12-034: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656407\" id=\"kb-link-8\">2656407 </a> MS12-034: Description of the Security Update for the .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656409\" id=\"kb-link-9\">2656409 </a> MS12-034: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656410\" id=\"kb-link-10\">2656410 </a> MS12-034: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656411\" id=\"kb-link-11\">2656411 </a> MS12-034: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2659262\" id=\"kb-link-12\">2659262 </a> MS12-034: Description of the security update for Windows GDI+: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2690729\" id=\"kb-link-13\">2690729 </a> MS12-034: Description of the security update for Silverlight 4: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2636927\" id=\"kb-link-14\">2636927 </a> MS12-034: Description of the security update for Silverlight 5: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2589337\" id=\"kb-link-15\">2589337 </a> MS12-034: Description of the security update for Office 2010: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2598253\" id=\"kb-link-16\">2598253 </a> MS12-034: Description of the security update for Office 2003 Service Pack 3: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596792\" id=\"kb-link-17\">2596792 </a> MS12-034: Description of the security update for the 2007 Office suite: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596672\" id=\"kb-link-18\">2596672 </a> MS12-034: Description of the security update for the 2007 Office suite: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2676562\" id=\"kb-link-19\">2676562 </a> MS12-034: Description of the security update for Windows kernel-mode drivers: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2660649\" id=\"kb-link-20\">2660649 </a> MS12-034: Description of the security update for Windows Journal: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2658846\" id=\"kb-link-21\">2658846 </a> MS12-034: Description of the security update for DirectWrite in Windows: May 8, 2012 Note Security update 2658846 will only be offered to systems on which the affected component (DirectWrite) is installed. </li><li><a href=\"https://support.microsoft.com/en-us/help/2686509\" id=\"kb-link-22\">2686509 </a> MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003: May 8, 2012 Known issues in security update 2686509: <ul class=\"sbody-free_list\"><li>In some scenarios, the %windir%\\FaultyKeyboard.log file might not have been created on your computer. </li></ul></li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Update replacement information</h4>Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.</div><h2></h2><div class=\"kb-notice-section section\"><h3 class=\"sbody-h3\">Applies to</h3>This article applies to the following:<ul class=\"sbody-free_list\"><li>Microsoft Silverlight 5</li><li>Microsoft Silverlight 4</li><li>Microsoft .NET Framework 4 when used with:<ul class=\"sbody-free_list\"><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 3.5.1 when used with:<ul class=\"sbody-free_list\"><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li></ul></li><li>Microsoft .NET Framework 3.0 Service Pack 2 when used with:<ul class=\"sbody-free_list\"><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li><li>Microsoft Office 2010</li><li>2007 Microsoft Office suite</li><li>Microsoft Office 2003 Service Pack 3</li><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Windows XP Service Pack 3</li><li>Windows Server 2003 Service Pack 2</li></ul></div></body></html>", "edition": 2, "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "mskb", "title": "MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight: May 8, 2012", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0165", "CVE-2012-0181"], "modified": "2012-09-13T00:45:24", "id": "KB2681578", "href": "https://support.microsoft.com/en-us/help/2681578/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2023-05-15T00:21:08", "description": "**Duqu** malware was created to spy on **Iran's nuclear program** \n\n\n[![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/images/-eQNoB-MOkio/TrYnxTpMfgI/AAAAAAAADY4/7GQCPQFlIhc/s728-e365/photo+1.jpg>)\n\n** \n** \nA Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of \"Stars\". Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. \n \nAlso its confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file. \n \nIn both cases a malware similar to Stuxnet found in systems and stealing information. Do you think these relate to each other ? If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program. \n \nAnother interesting part of information is that more than 10 nations have supplied intelligence suggesting Iran is secretly developing components of a nuclear arms program - among them an implosion-type. New intelligence the U.N. atomic agency plans to release on alleged nuclear weapons work by Iran is fabricated, the Iranian foreign minister. Whereas , Iran dismisses reported UN claims of nuclear work. There are high possibility that **Stars** and **Duqu** were used to collect such information.\n", "cvss3": {}, "published": "2011-11-06T06:24:00", "type": "thn", "title": "Duqu malware was created to spy on Iran's nuclear program", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2012-03-19T19:59:41", "id": "THN:3E923BF60240465681EDB5EF458156F0", "href": "https://thehackernews.com/2011/11/duqu-malware-was-created-to-spy-on.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2023-05-31T14:40:43", "description": "### Overview\n\nA vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to run arbitrary code in kernel mode. This vulnerability is reportedly being exploited by malicious software in the wild known as `Duqu`.\n\n### Description\n\nThe Microsoft Windows kernel includes a driver (win32k.sys) that handles a variety of graphics processing tasks, including the processing of TrueType fonts. A vulnerability exists in the way this driver handles certain embedded TrueType fonts. This vulnerability could allow an attacker to execute code with elevated privileges on the affected system.\n\nA remote attacker could exploit this vulnerability by embedding a specially crafted font in a document attached to an email message or including the crafted font in a web page. \n \n--- \n \n### Impact\n\nAn attacker may be able to run arbitrary code in kernel mode, resulting in complete system compromise. Secondary impacts include, but are not limited to, installation of programs; viewing, changing, or deleting data; or the creation of new system accounts with full privileges. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nMicrosoft has addressed this issue in Microsoft Security Bulletin [MS11-087](<http://technet.microsoft.com/en-us/security/bulletin/ms11-087>). Users may also wish to consider applying the following workaround: \n \n--- \n \n \n**Deny access to T2EMBED.DLL** \n \nMicrosoft has published a workaround for this issue in [Microsoft Security Advisory (2639658)](<http://technet.microsoft.com/en-us/security/advisory/2639658>), which recommends denying access to T2EMBED.DLL. Users are encouraged to review this advisory and consider applying the workaround that it describes. Additionally, [Microsoft Knowledge Base Article 2639658](<http://support.microsoft.com/kb/2639658>) contains Microsoft Fix it 50792 and Microsoft Fix it 50793 to help users apply this workaround. \n \n--- \n \n### Vendor Information\n\n316553\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Microsoft Corporation Affected\n\nNotified: November 02, 2011 Updated: December 19, 2011 \n\n**Statement Date: November 04, 2011**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://technet.microsoft.com/en-us/security/bulletin/ms11-087>\n * <http://technet.microsoft.com/en-us/security/advisory/2639658>\n * <http://support.microsoft.com/kb/2639658>\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n<http://secunia.com/advisories/46724/>\n\n### Acknowledgements\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2011-3402](<http://web.nvd.nist.gov/vuln/detail/CVE-2011-3402>) \n---|--- \n**Severity Metric:** | 26.73 \n**Date Public:** | 2011-11-02 \n**Date First Published:** | 2011-11-04 \n**Date Last Updated: ** | 2011-12-19 12:57 UTC \n**Document Revision: ** | 14 \n", "cvss3": {}, "published": "2011-11-04T00:00:00", "type": "cert", "title": "Microsoft Windows TrueType font parsing vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2011-12-19T12:57:00", "id": "VU:316553", "href": "https://www.kb.cert.org/vuls/id/316553", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-05T14:32:08", "description": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\"", "cvss3": {}, "published": "2011-11-04T21:55:00", "type": "cve", "title": "CVE-2011-3402", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_vista:*", "cpe:/o:microsoft:windows_server_2003:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_xp:*"], "id": "CVE-2011-3402", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*"]}, {"lastseen": "2023-06-05T14:08:43", "description": "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\"", "cvss3": {}, "published": "2012-05-09T00:55:00", "type": "cve", "title": "CVE-2012-0159", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0159"], "modified": "2018-10-12T22:02:00", "cpe": ["cpe:/a:microsoft:silverlight:5.0.60401.0", "cpe:/a:microsoft:silverlight:4.0.50826.0", "cpe:/a:microsoft:office:2007", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_xp:*", "cpe:/a:microsoft:silverlight:4.0.50917.0", "cpe:/a:microsoft:silverlight:5.0.60818.0", "cpe:/a:microsoft:silverlight:4.0.60310.0", "cpe:/o:microsoft:windows_vista:-", "cpe:/a:microsoft:silverlight:4.0.60831.0", "cpe:/a:microsoft:office:2010", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/a:microsoft:silverlight:4.0.50524.00", "cpe:/a:microsoft:silverlight:4.0.60531.0", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_7:-", "cpe:/a:microsoft:silverlight:4.0.60129.0", "cpe:/a:microsoft:silverlight:4.0.51204.0", "cpe:/a:microsoft:silverlight:4.1.10111.0", "cpe:/a:microsoft:silverlight:4.0.50401.0", "cpe:/o:microsoft:windows_8:consumer_preview", "cpe:/a:microsoft:silverlight:5.0.61118.0", "cpe:/a:microsoft:office:2003"], "id": "CVE-2012-0159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0159", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8:consumer_preview:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.1.10111.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T14:27:11", "description": "Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka \"TrueType Font Parsing Vulnerability,\" a different vulnerability than CVE-2011-3402.", "cvss3": {}, "published": "2011-11-08T21:55:00", "type": "cve", "title": "CVE-2011-2004", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2004", "CVE-2011-3402"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2011-2004", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2004", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*"]}], "metasploit": [{"lastseen": "2023-06-05T15:51:45", "description": "This module searches for CVE-2011-3402 (Duqu) related registry artifacts.\n", "cvss3": {}, "published": "2011-11-10T21:20:48", "type": "metasploit", "title": "Windows Gather Forensics Duqu Registry Check", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2023-02-08T13:47:34", "id": "MSF:POST-WINDOWS-GATHER-FORENSICS-DUQU_CHECK-", "href": "https://www.rapid7.com/db/modules/post/windows/gather/forensics/duqu_check/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::Windows::Registry\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Windows Gather Forensics Duqu Registry Check',\n 'Description' => %q{ This module searches for CVE-2011-3402 (Duqu) related registry artifacts.},\n 'License' => MSF_LICENSE,\n 'Author' => [ 'Marcus J. Carey <mjc[at]threatagent.com>'],\n 'Platform' => [ 'win' ],\n 'SessionTypes' => [ 'meterpreter' ],\n 'References' => [\n [ 'CVE', '2011-3402' ],\n [ 'URL', 'http://r-7.co/w5h7fY' ]\n ]\n )\n )\n end\n\n def run\n # Registry artifacts sourced from Symantec report\n artifacts =\n [\n 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\\"CFID\"',\n 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CFID',\n 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\JmiNET3',\n 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\JmiNET3\\FILTER'\n ]\n match = 0\n\n print_status(\"Searching registry on #{sysinfo['Computer']} for CVE-2011-3402 exploitation [Duqu] artifacts.\")\n\n begin\n artifacts.each do |artifact|\n (path, query) = parse_path(artifact)\n has_key = registry_enumkeys(path)\n has_val = registry_enumvals(path)\n\n next unless has_key.include?(query) || has_val.include?(query)\n\n print_good(\"#{sysinfo['Computer']}: #{path}\\\\#{query} found in registry.\")\n match += 1\n report_vuln(\n host: session.session_host,\n name: name,\n info: \"Module #{fullname} detected #{path}\\\\#{query} - possible CVE-2011-3402 exploitation [Duqu] artifact.\",\n refs: references,\n exploited_at: Time.now.utc\n )\n end\n rescue StandardError # Probably should do something here...\n end\n\n print_status(\"#{sysinfo['Computer']}: #{match} artifact(s) found in registry.\")\n end\n\n def parse_path(artifact)\n parts = artifact.split('\\\\')\n query = parts[-1]\n parts.pop\n path = parts.join('\\\\')\n return path, query\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/post/windows/gather/forensics/duqu_check.rb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-06-08T18:47:42", "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability that affects the TrueType Font engine. An attacker can exploit this issue through the Windows Kernel-Mode drivers to execute arbitrary code in kernel mode. The attacker can also exploit this issue through Microsoft Silverlight, Microsoft Office, or other affected Windows components to execute arbitrary code with user-level privileges. Successful exploits will completely compromise an affected computer. Failed attempts will result in a denial-of-service condition.\n\n### Technologies Affected\n\n * Avaya Aura Conferencing 6.0 Standard \n * Avaya CallPilot 4.0 \n * Avaya CallPilot 5.0 \n * Avaya Communication Server 1000 Telephony Manager 3.0 \n * Avaya Communication Server 1000 Telephony Manager 4.0 \n * Avaya Meeting Exchange - Client Registration Server \n * Avaya Meeting Exchange - Enterprise Edition \n * Avaya Meeting Exchange - Recording Server \n * Avaya Meeting Exchange - Streaming Server \n * Avaya Meeting Exchange - Web Conferencing Server \n * Avaya Meeting Exchange - Webportal 6.0 \n * Avaya Meeting Exchange 5.0 \n * Avaya Meeting Exchange 5.0 SP1 \n * Avaya Meeting Exchange 5.0 SP2 \n * Avaya Meeting Exchange 5.0.0.0.52 \n * Avaya Meeting Exchange 5.1 \n * Avaya Meeting Exchange 5.1 SP1 \n * Avaya Meeting Exchange 5.2 \n * Avaya Meeting Exchange 5.2 SP1 \n * Avaya Meeting Exchange 5.2 SP2 \n * Avaya Messaging Application Server 5 \n * Avaya Messaging Application Server 5.2 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.0 \n * Microsoft Lync 2010 \n * Microsoft Lync 2010 Attendant (32-bit) \n * Microsoft Lync 2010 Attendant (64-bit) \n * Microsoft Lync 2010 Attendee \n * Microsoft Office 2003 \n * Microsoft Office 2007 \n * Microsoft Office 2010 (32-bit edition) \n * Microsoft Office 2010 (32-bit edition) SP1 \n * Microsoft Office 2010 (64-bit edition) \n * Microsoft Office 2010 (64-bit edition) SP1 \n * Microsoft Office 2010 \n * Microsoft Office Communicator 2007 R2 \n * Microsoft Silverlight 4.0 \n * Microsoft Silverlight 5.0 \n * Microsoft Windows 7 Home Premium \n * Microsoft Windows 7 Home Premium Sp1 X32 \n * Microsoft Windows 7 Home Premium Sp1 X64 \n * Microsoft Windows 7 Professional \n * Microsoft Windows 7 RC \n * Microsoft Windows 7 Starter \n * Microsoft Windows 7 Ultimate \n * Microsoft Windows 7 XP Mode \n * Microsoft Windows 7 for 32-bit Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows Server 2003 Datacenter Edition \n * Microsoft Windows Server 2003 Datacenter Edition Itanium \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 \n * Microsoft Windows Server 2003 Datacenter Edition SP1 \n * Microsoft Windows Server 2003 Datacenter x64 Edition \n * Microsoft Windows Server 2003 Datacenter x64 Edition SP2 \n * Microsoft Windows Server 2003 Enterprise Edition \n * Microsoft Windows Server 2003 Enterprise Edition Itanium \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP2 \n * Microsoft Windows Server 2003 Enterprise Edition SP1 \n * Microsoft Windows Server 2003 Enterprise x64 Edition \n * Microsoft Windows Server 2003 Enterprise x64 Edition SP2 \n * Microsoft Windows Server 2003 Gold \n * Microsoft Windows Server 2003 Itanium \n * Microsoft Windows Server 2003 Itanium SP1 \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 SP1 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 Standard Edition \n * Microsoft Windows Server 2003 Standard Edition SP1 \n * Microsoft Windows Server 2003 Standard Edition SP2 \n * Microsoft Windows Server 2003 x64 SP1 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 Datacenter Edition \n * Microsoft Windows Server 2008 Datacenter Edition SP2 \n * Microsoft Windows Server 2008 Enterprise Edition \n * Microsoft Windows Server 2008 Enterprise Edition SP2 \n * Microsoft Windows Server 2008 R2 \n * Microsoft Windows Server 2008 R2 Itanium \n * Microsoft Windows Server 2008 R2 Itanium SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 R2 x64 \n * Microsoft Windows Server 2008 R2 x64 SP1 \n * Microsoft Windows Server 2008 Standard Edition \n * Microsoft Windows Server 2008 Standard Edition Itanium \n * Microsoft Windows Server 2008 Standard Edition SP2 \n * Microsoft Windows Server 2008 Standard Edition X64 \n * Microsoft Windows Server 2008 for 32-bit Systems \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems \n * Microsoft Windows Server 2008 for Itanium-based Systems R2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems \n * Microsoft Windows Server 2008 for x64-based Systems R2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Vista \n * Microsoft Windows Vista Business 64-bit edition \n * Microsoft Windows Vista Business 64-bit edition SP1 \n * Microsoft Windows Vista Business 64-bit edition SP2 \n * Microsoft Windows Vista Business SP1 \n * Microsoft Windows Vista Business SP2 \n * Microsoft Windows Vista Enterprise 64-bit edition \n * Microsoft Windows Vista Enterprise 64-bit edition SP1 \n * Microsoft Windows Vista Enterprise 64-bit edition SP2 \n * Microsoft Windows Vista Enterprise \n * Microsoft Windows Vista Enterprise SP1 \n * Microsoft Windows Vista Enterprise SP2 \n * Microsoft Windows Vista Home Basic 64-bit edition \n * Microsoft Windows Vista Home Basic 64-bit edition SP1 \n * Microsoft Windows Vista Home Basic 64-bit edition SP2 \n * Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64 \n * Microsoft Windows Vista Home Basic 64-bit edition Sp2 X64 \n * Microsoft Windows Vista Home Basic \n * Microsoft Windows Vista Home Basic SP1 \n * Microsoft Windows Vista Home Basic SP2 \n * Microsoft Windows Vista Home Premium 64-bit edition \n * Microsoft Windows Vista Home Premium 64-bit edition SP1 \n * Microsoft Windows Vista Home Premium 64-bit edition SP2 \n * Microsoft Windows Vista Home Premium \n * Microsoft Windows Vista Home Premium SP1 \n * Microsoft Windows Vista Home Premium SP2 \n * Microsoft Windows Vista SP1 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista Ultimate 64-bit edition \n * Microsoft Windows Vista Ultimate 64-bit edition SP1 \n * Microsoft Windows Vista Ultimate 64-bit edition SP2 \n * Microsoft Windows Vista Ultimate \n * Microsoft Windows Vista Ultimate SP1 \n * Microsoft Windows Vista Ultimate SP2 \n * Microsoft Windows Vista x64 Edition \n * Microsoft Windows Vista x64 Edition SP1 \n * Microsoft Windows Vista x64 Edition SP2 \n * Microsoft Windows XP 64-bit Edition SP1 \n * Microsoft Windows XP \n * Microsoft Windows XP Embedded \n * Microsoft Windows XP Embedded SP1 \n * Microsoft Windows XP Embedded SP2 \n * Microsoft Windows XP Embedded SP3 \n * Microsoft Windows XP Gold \n * Microsoft Windows XP Home \n * Microsoft Windows XP Home SP1 \n * Microsoft Windows XP Home SP2 \n * Microsoft Windows XP Home SP3 \n * Microsoft Windows XP Media Center Edition \n * Microsoft Windows XP Media Center Edition SP1 \n * Microsoft Windows XP Media Center Edition SP2 \n * Microsoft Windows XP Media Center Edition SP3 \n * Microsoft Windows XP Professional \n * Microsoft Windows XP Professional SP1 \n * Microsoft Windows XP Professional SP2 \n * Microsoft Windows XP Professional SP3 \n * Microsoft Windows XP Professional x64 Edition \n * Microsoft Windows XP Professional x64 Edition SP2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nUsers should never accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Do not accept communications that originate from unknown or untrusted sources.** \nDo not follow links or open email from unknown or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nThe vendor released an advisory and updates. Please see the references for details.\n", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "symantec", "title": "Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2012-05-08T00:00:00", "id": "SMNTC-53335", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/53335", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:52:17", "description": "BUGTRAQ ID: 53335\r\nCVE ID: CVE-2012-0159\r\n\r\nMicrosoft Windows\u662f\u6d41\u884c\u7684\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u53d7\u5f71\u54cd\u7684\u7ec4\u4ef6\u5904\u7406\u7279\u5236 TrueType \u5b57\u4f53\u6587\u4ef6\u7684\u65b9\u5f0f\u4e2d\u5b58\u5728\u4e00\u4e2a\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u6253\u5f00\u7279\u5236\u7684 TrueType \u5b57\u4f53\u6587\u4ef6\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u653b\u51fb\u8005\u53ef\u968f\u540e\u5b89\u88c5\u7a0b\u5e8f\uff1b\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\uff1b\u6216\u8005\u521b\u5efa\u62e5\u6709\u5b8c\u5168\u7528\u6237\u6743\u9650\u7684\u65b0\u5e10\u6237\u3002\r\n0\r\nMicrosoft Windows XP Professional x64 Edition SP\r\nMicrosoft Windows Windows XP Professional x64 Ed\r\nMicrosoft Windows Windows XP Professional SP3\r\nMicrosoft Windows Windows XP Professional SP2\r\nMicrosoft Windows Windows XP Professional SP1\r\nMicrosoft Windows Windows XP Professional\r\nMicrosoft Windows Windows XP Media Center Editio\r\nMicrosoft Windows Windows XP Media Center Editio\r\nMicrosoft Windows Windows XP Media Center Editio\r\nMicrosoft Windows Windows XP Media Center Editio\r\nMicrosoft Windows Windows XP Home SP3\r\nMicrosoft Windows Windows XP Home SP2\r\nMicrosoft Windows Windows XP Home SP1\r\nMicrosoft Windows Windows XP Home\r\nMicrosoft Windows Windows XP Gold 0\r\nMicrosoft Windows Windows XP Embedded SP3\r\nMicrosoft Windows Windows XP Embedded SP2\r\nMicrosoft Windows Windows XP Embedded SP1\r\nMicrosoft Windows Windows XP Embedded\r\nMicrosoft Windows Windows XP 64-bit Edition SP1\r\nMicrosoft Windows Windows XP 0\r\nMicrosoft Windows Windows Vista x64 Edition SP2\r\nMicrosoft Windows Windows Vista x64 Edition SP1\r\nMicrosoft Windows Windows Vista x64 Edition 0\r\nMicrosoft Windows Windows Vista Ultimate SP2\r\nMicrosoft Windows Windows Vista Ultimate SP1\r\nMicrosoft Windows Windows Vista Ultimate 64-bit\r\nMicrosoft Windows Windows Vista Ultimate 64-bit\r\nMicrosoft Windows Windows Vista Ultimate 64-bit\r\nMicrosoft Windows Windows Vista Ultimate\r\nMicrosoft Windows Windows Vista SP2\r\nMicrosoft Windows Windows Vista SP1\r\nMicrosoft Windows Windows Vista Home Premium SP2\r\nMicrosoft Windows Windows Vista Home Premium SP1\r\nMicrosoft Windows Windows Vista Home Premium 64-\r\nMicrosoft Windows Windows Vista Home Premium 64-\r\nMicrosoft Windows Windows Vista Home Premium 64-\r\nMicrosoft Windows Windows Vista Home Premium\r\nMicrosoft Windows Windows Vista Home Basic SP2\r\nMicrosoft Windows Windows Vista Home Basic SP1\r\nMicrosoft Windows Windows Vista Home Basic 64-bi\r\nMicrosoft Windows Windows Vista Home Basic 64-bi\r\nMicrosoft Windows Windows Vista Home Basic 64-bi\r\nMicrosoft Windows Windows Vista Home Basic 64-bi\r\nMicrosoft Windows Windows Vista Home Basic 64-bi\r\nMicrosoft Windows Windows Vista Home Basic\r\nMicrosoft Windows Windows Vista Enterprise SP2\r\nMicrosoft Windows Windows Vista Enterprise SP1\r\nMicrosoft Windows Windows Vista Enterprise 64-bi\r\nMicrosoft Windows Windows Vista Enterprise 64-bi\r\nMicrosoft Windows Windows Vista Enterprise 64-bi\r\nMicrosoft Windows Windows Vista Enterprise\r\nMicrosoft Windows Windows Vista Business SP2\r\nMicrosoft Windows Windows Vista Business SP1\r\nMicrosoft Windows Windows Vista Business 64-bit\r\nMicrosoft Windows Windows Vista Business 64-bit\r\nMicrosoft Windows Windows Vista Business 64-bit\r\nMicrosoft Windows Windows Vista 0\r\nMicrosoft Windows Windows Server 2008 Standard E\r\nMicrosoft Windows Windows Server 2008 Standard E\r\nMicrosoft Windows Windows Server 2008 Standard E\r\nMicrosoft Windows Windows Server 2008 Standard E\r\nMicrosoft Windows Windows Server 2008 R2 x64 SP1\r\nMicrosoft Windows Windows Server 2008 R2 x64 0\r\nMicrosoft Windows Windows Server 2008 R2 Itanium\r\nMicrosoft Windows Windows Server 2008 R2 Itanium\r\nMicrosoft Windows Windows Server 2008 R2 for x64\r\nMicrosoft Windows Windows Server 2008 R2\r\nMicrosoft Windows Windows Server 2008 for x64-ba\r\nMicrosoft Windows Windows Server 2008 for x64-ba\r\nMicrosoft Windows Windows Server 2008 for x64-ba\r\nMicrosoft Windows Windows Server 2008 for Itaniu\r\nMicrosoft Windows Windows Server 2008 for Itaniu\r\nMicrosoft Windows Windows Server 2008 for Itaniu\r\nMicrosoft Windows Windows Server 2008 for 32-bit\r\nMicrosoft Windows Windows Server 2008 for 32-bit\r\nMicrosoft Windows Windows Server 2008 Enterprise\r\nMicrosoft Windows Windows Server 2008 Enterprise\r\nMicrosoft Windows Windows Server 2008 Datacenter\r\nMicrosoft Windows Windows Server 2008 Datacenter\r\nMicrosoft Windows Windows Server 2003 x64 SP2\r\nMicrosoft Windows Windows Server 2003 x64 SP1\r\nMicrosoft Windows Windows Server 2003 Standard E\r\nMicrosoft Windows Windows Server 2003 Standard E\r\nMicrosoft Windows Windows Server 2003 Standard E\r\nMicrosoft Windows Windows Server 2003 SP2\r\nMicrosoft Windows Windows Server 2003 SP1\r\nMicrosoft Windows Windows Server 2003 Itanium SP\r\nMicrosoft Windows Windows Server 2003 Itanium SP\r\nMicrosoft Windows Windows Server 2003 Itanium 0\r\nMicrosoft Windows Windows Server 2003 Gold\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Enterprise\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows Server 2003 Datacenter\r\nMicrosoft Windows Windows 7 XP Mode 0\r\nMicrosoft Windows Windows 7 Ultimate 0\r\nMicrosoft Windows Windows 7 Starter 0\r\nMicrosoft Windows Windows 7 RC\r\nMicrosoft Windows Windows 7 Professional 0\r\nMicrosoft Windows Windows 7 Home Premium 0\r\nMicrosoft Windows Windows 7 Home Premium - Sp1 X\r\nMicrosoft Windows Windows 7 Home Premium - Sp1 X\r\nMicrosoft Windows Windows 7 for x64-based System\r\nMicrosoft Windows Windows 7 for x64-based System\r\nMicrosoft Windows Windows 7 for 32-bit Systems S\r\nMicrosoft Windows Windows 7 for 32-bit Systems 0\r\nMicrosoft Windows Silverlight 5.0\r\nMicrosoft Windows Silverlight 4.0\r\nMicrosoft Windows Office 2010 0\r\nMicrosoft Windows Office 2010 (64-bit edition) S\r\nMicrosoft Windows Office 2010 (64-bit edition) 0\r\nMicrosoft Windows Office 2010 (32-bit edition) S\r\nMicrosoft Windows Office 2010 (32-bit edition) 0\r\nMicrosoft Windows Office 2007 0\r\nMicrosoft Windows Office 2003 0\r\nMicrosoft Windows .NET Framework 4.0\r\nMicrosoft Windows .NET Framework 3.5.1\r\nMicrosoft Windows + Publisher 2003\r\nMicrosoft Windows + PowerPoint 2003 0\r\nMicrosoft Windows + Outlook 2003 0\r\nMicrosoft Windows + OneNote 2003 0\r\nMicrosoft Windows + InfoPath 2003\r\nMicrosoft Windows + FrontPage 2003\r\nMicrosoft Windows + Excel 2003\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS12-034\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nMS12-034\uff1aCombined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)\r\n\r\n\u94fe\u63a5\uff1ahttp://www.microsoft.com/technet/security/bulletin/MS12-034.asp", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "seebug", "title": "Microsoft Windows TrueType\u5b57\u4f53\u5f15\u64ce\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2012-0159)(MS12-034)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2012-05-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60104", "id": "SSV:60104", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2023-06-05T15:23:18", "description": "This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the \"flags\" buffer and potentially execute arbitrary code in kernel space.", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "zdi", "title": "Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0159"], "modified": "2012-08-03T00:00:00", "id": "ZDI-12-129", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-129/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}