MS12-066: Vulnerability in HTML Sanitization Component could allow elevation of privilege: October 9, 2012

Article ID: 2741517 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS12-066. To view the complete security bulletin, go to one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update
(http://support.microsoft.com/ph/6527)


Security solutions for IT professionals: TechNet Security Troubleshooting and Support
(http://technet.microsoft.com/security/bb980617.aspx)


Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center
(http://support.microsoft.com/contactus/cu_sc_virsec_master)


Local support according to your country: International Support
(http://support.microsoft.com/common/international.aspx)

Back to the top | Give Feedback

File hash information

Collapse this tableExpand this table
File name SHA1 hashSHA256 hash
AttendeeAdmin.msp5AF9150C7FF6DC6D494377FA4F3F07874CAF1332B8FB87D0908D88450898FE7E7CA72D96081AF53E4248305671F6E901E036EA55
AttendeeUser.mspE7E50C3D5BF51E91297201C4FCE7ABFADC0F42373D0B3C78DEF45FFA3E97003DEC48DE4149D7D39FE3D3E0A6410712F0FB7C48C2
coreserver2007-kb2687405-fullfile-x64-glb.exe93E84A87773AF9C5D6DABEDE7960293ABF751F2161209429CEF544D6357A099F7098D2762FCE0B29E64332D37CE2F1FF6A4251A1
coreserver2007-kb2687405-fullfile-x86-glb.exeAE495D8210E7F33E536C9184F7957B3E7378EC947A64846BC2293CE8043565B53FB01C043BB716AC26DC0A884A499762BD392920
coreserver2010-kb2589280-fullfile-x64-glb.exeB735523A1678DD2F48897CE687A64FA668B4FB9B13A8A9833813B3B489F62ED5BC7C8A1BB0375A27C3091FA93810781AC4CBA80D
emsgrs2010-kb2687402-fullfile-x64-glb.exeE35FB7E3EDEE40BFC1B3DE849F26E89A29797532F79CE297A6941A6FE634B1C182C1FE50BF17F1D31299E446D33DC6F38BB0EDA1
infopath2007-kb2687439-fullfile-x86-glb.exeA6C9B7362B9A9F54FAB952F2ED1FAFCF79D643C28EC938C54C2B17D11B6146D2A7536D7C24E7A46E995A11D991FA6F49067357B7
infopath2010-kb2687436-fullfile-x64-glb.exeC1844F9FF076E2F2E0C8FB0D8C4D08EA59B6745FF976084E6C5C0C766FAED686899501358CB1C2C95974D8ABB3E74F78E7219F9D
infopath2010-kb2687436-fullfile-x86-glb.exe4AAAA629BE31A5E87EEC874992ECCFC98A48BF4E13D40BB9B4EB6DCC7A87770327C1A2B95E633F39EE086398A2627280E9F1C6A7
ipeditor2007-kb2687440-fullfile-x86-glb.exe5221D5161CE045AB6B11EF58AF0AF4012B69ADE6BCF6E07354D50B35C7FDD8EB6D124509B31C8FEE24988F78DAE080568206AD50
ipeditor2010-kb2687417-fullfile-x64-glb.exe85C7B6D63EC0BCE9EFB8D421B96F9021F89DF1852729B88ECC55BADAD019CDA027CB8AA13681262DF4A878F923FF55C6B19ECC63
ipeditor2010-kb2687417-fullfile-x86-glb.exeFA1A5AFCE904D54D5757F9BA39DF7658E64A6D927999BE1B83899730AFDE82855A619AFA99115D422844811B5059F537469BAC0F
lync.msp0BB321227017020A2EB4814AD820437D5D354044BB2EA32FCC180B7E51A3A4C9B504511B788AA92BFDD5366148638D9E706BEED8
sts2007-kb2687356-fullfile-x64-glb.exe7A00D68E1DA741D3AEDB5536100299642CC7EE85080F36C58E97A1ADC6574D2CD13002123AFC8056A0B089DDD3A5ED22CB3D9752
sts2007-kb2687356-fullfile-x86-glb.exeE8C66DD75DE9032B88FF57ADCDCFCFC80820F81E247BA89EC69043DBDCD4F99F41C887E537EEE79322A0F4325251CB11143E4B1D
wac2010-kb2687401-fullfile-x64-glb.exe63F2C368D111AF860FD294D87E1FDF28885A45E8C040F02336F7C38D30D6D7D76E70DABEADC52B586147210E2923F2638A97C1E5
wosrv2010-kb2687435-fullfile-x64-glb.exe46DE8502BF0660AB295BF92EBA1EC5856BD08FB8FD43AAB81BAC0497D4B5CD4F55310CC1DCEF5109FCD9FAABD59FD4B2D1825686
wss2010-kb2687434-fullfile-x64-glb.exe21A1DEDABED8C35432007CB139030A1AB98E79BC93EF5208AC72AD1343F5D05B0A09A82FBB9525FFD31FB88B43F9ADBF02B341B4

Known issues and more information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2589280
    (http://support.microsoft.com/kb/2589280/ )
    MS12-066: Description of the security update for SharePoint Server 2010 Service Pack 1 (coreserver): October 9, 2012

    Known issues in security update 2589280:
    • After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following Microsoft TechNet webpage:
      PSconfig command-line reference (SharePoint Server 2010)
      (http://technet.microsoft.com/en-us/library/cc263093.aspx)
  • 2687402
    (http://support.microsoft.com/kb/2687402/ )
    MS12-066: Description of the security update for Groove Server 2010 Service Pack 1: October 9, 2012

    Known issues in security update 2687402:
    • The Groove security update does not appear in Add or Remove Programs. To determine whether the update is installed, the system administrator can open the SharePoint Configuration Manager console.
  • 2687434
    (http://support.microsoft.com/kb/2687434/ )
    MS12-066: Description of the security update for SharePoint Foundation 2010 Service Pack 1: October 9, 2012

    Known issues in security update 2687434:
    • You must have SQL Admin access to the Team Foundation Server (TFS) databases in order to install this security update.

      Note We do not recommend that you uninstall any security update.
    • You must restart Internet Information Services (IIS) after you install this security update. To do this, restart the World Wide Web Publishing Service. For more information, go to the following Microsoft website:
      IIS Reset Activity
      (http://technet.microsoft.com/en-us/library/cc735265)
  • 2687435
    (http://support.microsoft.com/kb/2687435/ )
    MS12-066: Description of the security update for SharePoint Server 2010 Service Pack 1 (wosrv): October 9, 2012

    Known issues in security update 2687435:
    • After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following Microsoft TechNet website:
      PSconfig command-line reference (SharePoint Server 2010)
      (http://technet.microsoft.com/en-us/library/cc263093.aspx)
  • 2687436
    (http://support.microsoft.com/kb/2687436/ )
    MS12-066: Description of the security update for InfoPath 2010 Service Pack 1: October 9, 2012
  • 2687439
    (http://support.microsoft.com/kb/2687439/ )
    MS12-066: Description of the security update for InfoPath 2007 Service Pack 2: October 9, 2012

    Known issues in security update 2687439:
    • Windows Update will offer this security update to all systems that are running InfoPath 2007. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2007. However, binaries are updated only on systems that are running VSTA.

      Note If you install this security update on a system that is running InfoPath 2007 without VSTA and then install VSTA, you do not have to reinstall this security update.
  • 2687440
    (http://support.microsoft.com/kb/2687440/ )
    MS12-066: Description of the security update for InfoPath 2007 Service Pack 3: October 9, 2012

    Known issues in security update 2687440:
    • Windows Update will offer this security update to all systems that are running InfoPath 2007. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2007. However, binaries are updated only on systems that are running VSTA.

      Note If you install this security update on a system that is running InfoPath 2007 without VSTA and then install VSTA, you do not have to reinstall this security update.
  • 2687356
    (http://support.microsoft.com/kb/2687356/ )
    MS12-066: Description of the security update for Windows SharePoint Services 3.0 Service Pack 2: October 9, 2012
  • 2687442
    (http://support.microsoft.com/kb/2687442/ )
    MS12-066: Description of the security update for Windows SharePoint Services 3.0 Service Pack 2: October 9, 2012

    Known issues in security update 2687442:
    • Windows Update will offer this package using the KB number 2687442. However, after installation your system will show this update with the KB number 2687356. This issue occurs because of renumbering error that occurred when we submitted the content for publishing.
  • 2726382
    (http://support.microsoft.com/kb/2726382/ )
    MS12-066: Description of the security update for Lync 2010: October 9, 2012

    Known issues in security update 2726382:
    • When you install a Microsoft Lync 2010 update, you are not prompted to close Lync 2010. All ongoing conversations and conferences are closed so that the update can be installed successfully. After the installation is complete, you must manually restart Lync 2010. 
  • 2726384
    (http://support.microsoft.com/kb/2726384/ )
    MS12-066: Description of the security update for Microsoft Lync 2010 Attendee (user level install): October 9, 2012
  • 2726388
    (http://support.microsoft.com/kb/2726388/ )
    MS12-066: Description of the security update for Microsoft Lync 2010 Attendee (admin level install): October 9, 2012
  • 2726391
    (http://support.microsoft.com/kb/2726391/ )
    MS12-066: Description of the security update for Office Communicator 2007 R2: October 9, 2012
  • 2687401
    (http://support.microsoft.com/kb/2687401/ )
    MS12-064 and MS12-066: Description of the security update for Office Web Apps 2010 Service Pack 1: October 9, 2012

    Known issues in security update 2687401:
    • After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go the following Microsoft TechNet website:
      PSconfig command-line reference (SharePoint Server 2010)
      (http://technet.microsoft.com/en-us/library/cc263093.aspx)
  • 2687436
    (http://support.microsoft.com/kb/2687436/ )
    MS12-066: Description of the security update for InfoPath 2010 Service Pack 1: October 9, 2012
  • 2687405
    (http://support.microsoft.com/kb/2687405/ )
    MS12-066: Description of the security update for SharePoint Server 2007 (coreserver): October 9, 2012
Back to the top | Give Feedback

Properties

Article ID: 2741517 - Last Review: November 19, 2012 - Revision: 5.1
Applies to
  • Microsoft SharePoint Server 2010 Service Pack 1, when used with:
    • Microsoft SharePoint Server 2010
  • Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1, when used with:
    • Microsoft Visual Studio Team Foundation Server 2010
  • Microsoft Groove Server 2010
  • Microsoft Office InfoPath 2007
  • Microsoft Windows SharePoint Services 3.0 Service Pack 2, when used with:
    • Microsoft Windows SharePoint Services 3.0
  • Microsoft Lync 2010
  • Microsoft Lync 2010 Attendant
  • Microsoft Lync 2010 Attendee
  • Microsoft Office Communicator 2007 R2
  • Microsoft Windows SharePoint Services 2.0
  • Microsoft Windows SharePoint Services 3.0
  • Microsoft Windows SharePoint Services 3.0 Language Pack Service Pack 1
  • Microsoft Windows SharePoint Services 3.0 Service Pack 1
  • Microsoft Windows SharePoint Services 3.0 Service Pack 2
  • Microsoft Windows SharePoint Services Service Pack 1
  • Microsoft Windows SharePoint Services Service Pack 3
  • Microsoft Windows SharePoint Services Service Pack 3 for Language Template Pack
  • Microsoft Windows SharePoint Services 3.0 Service Pack 3
Keywords: 
kbexpertiseinter kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbsurveynew KB2741517
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top