7 Security Bulletins were released – 5 Critical, 2 Important, and 0 Moderate
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
Noteworthy Patch News
Of the 5 critical patches released MS12-077 should be the top priority. This Internet Explorer flaw affects all versions however it is only considered exploitable with the newer versions of IE (9 and 10) MS12-079 is also important as it affects Office Word. MS12-080 applies to Exchange 2007 and 2010 which make it a priority as well.
For those who keep track of such things 2012 once again saw a drop in the number of security bulletins released by Microsoft – 83 total. That is a 17% drop from 2011 and a 20% drop from 2010. Let’s hope that trend continues in 2013.
No out-of-band updates were released during the last month.
This Month In Brief
- Publically disclosed: MS12-078, MS12-080
- Being exploited: None
- Rated CRITICAL: MS12-077, MS12-078, MS12-079, MS12-080, MS12-081
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
- Servers: Yes
- Workstations: Yes
New Security Bulletins
|MS12-077 (Cumulative Security Update for Internet Explorer (2761465))||The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS12-078 (Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534))||The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files.
|MS12-079 (Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642))||The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer.
|MS12-080 (Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126))||The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).
|MS12-081 (Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857))||The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name.
|MS12-082 (Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660))||The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content.
|MS12-083 (Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809))||The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments.