We have not uncovered any widespread problems with any of these patches and are releasing all of them.
MS12-020 is rated Critical. After your next patch cycle completes you should follow up and make sure this is installed. This is an RDP vulnerability and only machines with this enabled are at risk. Although this was not publically known or being actively exploited before yesterday’s release, it’s public now. Microsoft considers a successful exploit very likely within the next 30 days.
No out-of-band updates were released during the last month.
6 Security Bulletins were released
Exploitability
Publically disclosed: MS12-019
Being exploited: None
Rated CRITICAL: MS12-020
(The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
Requires Restart
Servers: Yes
Workstations: Yes
Know Issues per Microsoft
MS12-020, MS12-021 and MS12-022
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS12-020:(RDP) The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.
IMPORTANT
MS12-017:(DNS Server) The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server.
MS12-018:(Windows kernel mode drivers) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS12-019:(DirectWrite) In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client.
MS12-021:(Visual Studio) The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio.
MS12-022:(Expression Design) The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file.
Details and Links
MS12-017: Vulnerability in DNS Server Could Allow Denial of Service (2647170)
http://technet.microsoft.com/en-us/security/bulletin/ms12-017
Severity: Important
KB in Kaseya: KB2647170
Affected Software: Server 2003, Server 2008, Server 2008 R2
Known Issues per MS: None
MS12-018: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
http://technet.microsoft.com/en-us/security/bulletin/ms12-018
Severity: Important
KB in Kaseya: KB2641653
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-019: Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
http://technet.microsoft.com/en-us/security/bulletin/ms12-019
Severity: Moderate
KB in Kaseya: KB2665364
Affected Software: Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
Severity: Critical
KB in Kaseya: KB2621440,KB2667402
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: http://support.microsoft.com/kb/2671387
MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
http://technet.microsoft.com/en-us/security/bulletin/ms12-021
Severity: Important
KB in Kaseya: KB2669970,KB2644980,KB2645410
Affected Software: Visual Studio 2008, Visual Studio 2010
Known Issues per MS: http://support.microsoft.com/kb/2651019
MS12-022: Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
http://technet.microsoft.com/en-us/security/bulletin/ms12-022
Severity: Important
KB in Kaseya: KB2675064,KB2667724,KB2667725,KB2667727,KB2667730
Affected Software: Expression Design
Known Issues per MS: http://support.microsoft.com/kb/2651018
