Navigation section
ms12-022
About this tag
MS12-022 is a Microsoft security bulletin addressing a vulnerability in Expression Design that could allow remote code execution. The privately reported flaw involves insecure library loading, where opening a legitimate file (such as .xpr or .DESIGN) from a network directory containing a malicious DLL could lead to code execution. The update, rated Important, resolves this by correcting how Expression Design loads external libraries. This bulletin is part of the ongoing Microsoft Security Advisory (2269637) on insecure library loading. Users are advised to apply the update to mitigate the risk of remote code execution attacks.
-
Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution -
Revision Note: V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022, "Vulnerability in Expression Design Could Allow Remote Code Execution." Summary: Microsoft is aware that research has been...- News
- Thread
- advisory attack vector bulletin expression design insecure library loading microsoft ms12-022 patch management remote code execution research security update vulnerability
- Replies: 0
- Forum: Security Alerts
-
MS12-022 - Important : Vulnerability in Expression Design Could Allow Remote Code Execution (2651018
Severity Rating: Important Revision Note: V1.1 (March 14, 2012): Removed erroneous installation switch option descriptions from the Security Update Deployment tables for all supported releases. This is an informational change only. There were no changes to the detection logic or the...- News
- Thread
- attack dll dynamic link library execution expression design extended security updates file opening file system informational malware microsoft ms12-022 network folder patch remote code execution security update user protection vulnerability webdav
- Replies: 0
- Forum: Security Alerts
-
MS12-022 - Important : Vulnerability in Expression Design Could Allow Remote Code Execution (2651018
Severity Rating: Important Revision Note: V1.0 (March 13, 2012): Bulletin published. Summary: This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate...- News
- Thread
- cybersecurity dll exploitation expression design file management malware microsoft ms12-022 patch remote code execution risk assessment security threats update vulnerability webdav
- Replies: 0
- Forum: Security Alerts