Skip to content

Virtual Administrator’s August 2012 Patch Recommendations

9 Security Bulletins were released – 5 Critical and 4 Important

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS12-060 and MS12-054 are the top priority this month. After your next patch cycle completes you should follow up and make sure these are installed. Exchange Server administrators will want follow up on MS12-058. MS12-053 is an RDP vulnerability but only applies to XP and only machines with this enabled are at risk.

No out-of-band updates were released during the last month.

Noteworthy Patch News

“Microsoft Security Advisory – Update For Minimum Certificate Key Length”

Update restricts the use of certificates with RSA keys less than 1024 bits in length. This update will not be released via Windows Update until October 2012 but is available now so system administrators can install and test.

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

Known Issues per Microsoft

  • MS12-057

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS12-052:(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2722913
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS:None
MS12-053:(RDP) The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.
Details
KB in Kaseya: KB2723135
Affected Software: XP
Known Issues per MS:None
MS12-054:(Windows Networking) The most severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted response to a Windows print spooler request.
Details
KB in Kaseya: KB2705219, KB2712808
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS:None
MS12-058:(Exchange) The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).
Details
KB in Kaseya: KB2706690, KB2734323, KB2743248
Affected Software: Exchange 2007,Exchange 2010
Known Issues per MS:None
MS12-060:(Windows Common Controls) The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.
Details
KB in Kaseya: KB983812, KB983813, KB2597986, KB2687323, KB2687441, KB2708437, KB2708940, KB2708941, KB2711207, KB2716389, KB2716390, KB2716392, KB2716393
Affected Software: Office (2003,2007,2010), SQL Server (2000,2005,2008,2008 R2), Visual FoxPro (8.0,9.0), Host Integration Server 2004, Commerce Server (2002,2007,2009,2009 R2),Visual Basic 6.0 Runtime
Known Issues per MS:None

IMPORTANT

MS12-055:(Windows kernel-mode drivers) The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2731847
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS:None
MS12-056:(JScript and VBScript Scripting Engine) The vulnerability could allow remote code execution if a user visited a specially crafted website.
Details
KB in Kaseya: KB2706045
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS:None
MS12-057:(Office) The vulnerability could allow remote code execution if a user opens a specially crafted file or embeds a specially crafted Computer Graphics Metafile (CGM) graphics file into an Office file.
Details
KB in Kaseya: KB2553260, KB2589322, KB2596615, KB2596754
Affected Software: Office 2007, Office 2010
Known Issues per MS:http://support.microsoft.com/kb/2731879
MS12-059:(Visio) The vulnerability could allow remote code execution if a user opens a specially crafted Visio file.
Details
KB in Kaseya: KB2597171, KB2598287
Affected Software: Visio 2010
Known Issues per MS:None
Scroll To Top