Virtual Administrator's December 2012 Patch Recommendations

7 Security Bulletins were released – 5 Critical, 2 Important, and 0 Moderate

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

Noteworthy Patch News

Of the 5 critical patches released, MS12-077 should be the top priority. This Internet Explorer flaw affects all versions; however, it is only considered exploitable with the newer versions of IE (9 and 10). MS12-079 is also important as it affects Office Word. MS12-080 applies to Exchange 2007 and 2010, which makes it a priority as well.

For those who keep track of such things, 2012 once again saw a drop in the number of security bulletins released by Microsoft – 83 total. That is a 17% drop from 2011 and a 20% drop from 2010. Let’s hope that trend continues in 2013.

No out-of-band updates were released during the last month.

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS12-077 (Cumulative Security Update for Internet Explorer (2761465)) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
KB in Kaseya: KB2761465
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows 7, Windows 8
Known Issues per MS: None

MS12-078 (Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)) The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files.
KB in Kaseya: KB2779030, KB2753842
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows 7, Windows 8
Known Issues per MS: None

MS12-079 (Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)) The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer.
KB in Kaseya: KB2687412, KB2760405, KB2760410, KB2760421, KB2760416, KB2760497, KB2760498
Affected Software: Office (2003, 2007, 2010), Word Viewer, Office Compatibility Pack, Office Web Apps 2010, SharePoint Server 2010
Known Issues per MS: None

MS12-080 (Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)) The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).
KB in Kaseya: KB2746157, KB2787763, KB2785908
Affected Software: Exchange (2007, 2010)
Known Issues per MS: None

MS12-081 (Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)) The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name.
KB in Kaseya: KB2758857
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None

IMPORTANT

MS12-082 (Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)) The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content.
KB in Kaseya: KB2770660
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows 7, Windows 8
Known Issues per MS: None

MS12-083 (Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)) The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments.
KB in Kaseya: KB2765809
Affected Software: Server (2008 R2, 2012)
Known Issues per MS: None

MODERATE