6 Security Bulletins were released – 4 Critical, 1 Important, and 1 Moderate
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
Noteworthy Patch News
Critical update MS12-071 for Internet Explorer is the top priority this month. However the problem only affects IE 9 so the actual percentage of vulnerable machines may not be that great. The 3 other critical updates (MS12-072, MS12-074, MS12-075) affect all Microsoft operating systems. Expect all of your machines to require a reboot after this month’s patches are applied.
No out-of-band updates were released during the last month.
This Month In Brief
- Publically disclosed: MS12-073
- Being exploited: None
- Rated CRITICAL: MS12-071, MS12-072, MS12-074, MS12-075
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
- Servers: Yes
- Workstations: Yes
New Security Bulletins
|MS12-071 (Internet Explorer)||The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS12-072 (Windows Shell)||The vulnerabilities could allow remote code execution if a user browses to a specially crafted briefcase in Windows Explorer.
|MS12-074 (.Net Framework)||The most severe of these vulnerabilities could allow remote code execution if an attacker convinces the user of a target system to use a malicious proxy auto configuration file and then injects code into the currently running application.
|MS12-075 (Windows Kernel-Mode Drivers)||The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files.
|MS12-076 (Office Excel)||The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file with an affected version of Microsoft Excel.
|MS12-073 (Internet Information Services)||The more severe vulnerability could allow information disclosure if an attacker sends specially crafted FTP commands to the server.