We have not uncovered any widespread problems with any of these patches and are releasing all of them.
4 are rated Critical. After your next patch cycle completes, you should follow up and make sure these are installed. Microsoft recommends giving top priority to MS12-010, a cumulative update for IE.
No out-of-band updates were released during the last month.
9 Security Bulletins were released
Exploitability
Publicly disclosed: MS12-008, MS12-012, MS12-014, MS12-016
Being exploited: None
Rated CRITICAL: MS12-008, MS12-010, MS12-013, MS12-016
(The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
Requires Restart
Servers: Yes
Workstations: Yes
Known Issues per Microsoft
MS12-011 and MS12-013
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS12-008:(Windows Kernel-Mode Drivers) The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally.
MS12-010:(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer.
MS12-013:(C Run-Time Library) The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment.
MS12-016:(.NET Framework and Microsoft Silverlight) The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications.
IMPORTANT
MS12-009:(Privilege elevation) The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application.
MS12-011:(SharePoint) These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.
MS12-012:(Windows) The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file.
MS12-014:(Indeo Codec) The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file.
MS12-015:(Visio Viewer 2010) The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file.
Details and Links
MS12-008: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
http://technet.microsoft.com/en-us/security/bulletin/ms12-008
Severity: Critical
KB in Kaseya: KB2660465
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
http://technet.microsoft.com/en-us/security/bulletin/ms12-009
Severity: Important
KB in Kaseya: KB2645640
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-010: Cumulative Security Update for Internet Explorer (2647516)
http://technet.microsoft.com/en-us/security/bulletin/ms12-010
Severity: Critical
KB in Kaseya: KB2647516
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-011: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
http://technet.microsoft.com/en-us/security/bulletin/ms12-011
Severity: Important
KB in Kaseya: KB2553413, KB2597124
Affected Software: SharePoint Foundation 2010, SharePoint Server 2010
Known Issues per MS: http://support.microsoft.com/kb/2663841
MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
http://technet.microsoft.com/en-us/security/bulletin/ms12-012
Severity: Important
KB in Kaseya: KB2643719
Affected Software: Server 2008, Server 2008 R2
Known Issues per MS: None
MS12-013: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
http://technet.microsoft.com/en-us/security/bulletin/ms12-013
Severity: Critical
KB in Kaseya: KB2654428
Affected Software: Vista, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: http://support.microsoft.com/kb/2654428
MS12-014: Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
http://technet.microsoft.com/en-us/security/bulletin/ms12-014
Severity: Important
KB in Kaseya: KB2661637
Affected Software: XP
Known Issues per MS: None
MS12-015: Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
http://technet.microsoft.com/en-us/security/bulletin/ms12-015
Severity: Important
KB in Kaseya: KB2663510
Affected Software: Visio 2010 Viewer
Known Issues per MS: None
MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
http://technet.microsoft.com/en-us/security/bulletin/ms12-016
Severity: Critical
KB in Kaseya: KB2668562, KB2633870, KB2633873, KB2633874, KB2633879, KB2633880
Affected Software: XP, Vista, Windows 7, Silverlight 4
Known Issues per MS: None