Microsoft Security Bulletin: December 2012 Release

7103_securitybulletin_thumb_32407BF9

Hi Everyone! This month is quite a busy one when it comes to updates. We have a total of 7 updates however I’ve been seeing up to 15 on some of my machines and if you have a Surface we have another system update available as well.

Bulletin Information

Executive Summaries

The following table summarizes the security bulletins for this month in order of severity.

For details on affected software, see the next section, Affected Software and Download Locations.

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software
MS12-077 Cumulative Security Update for Internet Explorer (2761465) This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Critical  Remote Code Execution Requires restart Microsoft Windows, Internet Explorer
MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website. Critical  Remote Code Execution Requires restart Microsoft Windows
MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Critical  Remote Code Execution May require restart Microsoft Office
MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. Critical  Remote Code Execution May require restart Microsoft Server Software
MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Critical  Remote Code Execution Requires restart Microsoft Windows
MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Important  Remote Code Execution Requires restart Microsoft Windows
MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. To exploit the vulnerability, an attacker must use a certificate issued from the domain for IP-HTTPS server authentication. Logging on to a system inside the organization would still require system or domain credentials. Important  Security Feature Bypass Requires restart Microsoft Windows

More Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and Microsoft Update, please see:  https://support.microsoft.com/kb/894199: Microsoft Knowledge Base Article 894199, Description of Software Update Services and Windows Server Update Services changes in content. Includes all Windows content.

https://technet.microsoft.com/wsus/bb456965: Updates from Past Months for Windows Server Update Services. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows.

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed at https://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

Recognize and avoid fraudulent email to Microsoft customers:

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on https://technet.microsoft.com/security/dd252948.

Jeffa

Technorati Tags: Security Bulletin's,Updates,Patching

Digg This