Skip to content

Virtual Administrator’s February 2012 Patch Recommendations

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

4 are rated Critical.  After your next patch cycle completes you should follow up and make sure these are installed.  Microsoft recommends giving top priority to MS12-010, a cumulative update for IE.

No out-of-band updates were released during the last month.

9 Security Bulletins were released

Exploitability

Publically disclosed: MS12-008, MS12-012, MS12-014, MS12-016

Being exploited:  None

Rated CRITICAL: MS12-008, MS12-010, MS12-013, MS12-016

(The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )

Requires Restart 

Servers: Yes

Workstations: Yes

Know Issues per Microsoft

MS12-011 and MS12-013

New Security Bulletins

(MS#/Affected Software/Type)

 

CRITICAL

MS12-008:(Windows Kernel-Mode Drivers) The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally.

MS12-010:(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer.

MS12-013:(C Run-Time Library ) The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment.

MS12-016:(.NET Framework and Microsoft Silverlight) The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications.

IMPORTANT

MS12-009:(Privilege elevation) The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application.

MS12-011:(Sharepoint) These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.

MS12-012:(Windows) The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file.

MS12-014:(Indeo Codec) The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file.

MS12-015:(Visio Viewer 2010) The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file.

Details and Links

MS12-008: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)

http://technet.microsoft.com/en-us/security/bulletin/ms12-008

Severity: Critical

KB in Kaseya: KB2660465

Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)

http://technet.microsoft.com/en-us/security/bulletin/ms12-009

Severity: Important

KB in Kaseya: KB2645640

Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

MS12-010: Cumulative Security Update for Internet Explorer (2647516)

http://technet.microsoft.com/en-us/security/bulletin/ms12-010

Severity: Critical

KB in Kaseya: KB2647516

Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

MS12-011: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

http://technet.microsoft.com/en-us/security/bulletin/ms12-011

Severity: Important

KB in Kaseya: KB2553413, KB2597124

Affected Software: SharePoint Foundation 2010,SharePoint Server 2010

Known Issues per MS: http://support.microsoft.com/kb/2663841

 

MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)

http://technet.microsoft.com/en-us/security/bulletin/ms12-012

Severity: Important

KB in Kaseya: KB2643719

Affected Software: Server 2008, Server 2008 R2

Known Issues per MS: None

 

MS12-013: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)

http://technet.microsoft.com/en-us/security/bulletin/ms12-013

Severity: Critical

KB in Kaseya: KB2654428

Affected Software: Vista, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: http://support.microsoft.com/kb/2654428

 

MS12-014: Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)

http://technet.microsoft.com/en-us/security/bulletin/ms12-014

Severity: Important

KB in Kaseya: KB2661637

Affected Software: XP

Known Issues per MS: None

 

MS12-015: Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)

http://technet.microsoft.com/en-us/security/bulletin/ms12-015

Severity: Important

KB in Kaseya: KB2663510

Affected Software: Visio 2010 Viewer

Known Issues per MS: None

 

Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)

http://technet.microsoft.com/en-us/security/bulletin/ms12-016

Severity: Critical

KB in Kaseya: KB2668562, KB2633870, KB2633873, KB2633874, KB2633879, KB2633880

Affected Software: XP, Vista, Windows 7, Silverlight 4

Known Issues per MS: None

Scroll To Top