Aug 142012
 
Overview of the August 2012 Microsoft patches and their status.



#
Affected
Contra Indications - KB
Known Exploits
Microsoft rating(**)
ISC rating(*)


clients
servers







MS12-052
Cumulative Security Update for Internet Explorer - Layout Memory Corruption Vulnerability
(Replaces MS12-037)



MSIE

CVE-2012-1526



KB 2722913
No publicly known exploits.
Severity:Critical

Exploitability: 1
Critical
Important





MS12-053
Vulnerability in Remote Desktop Could Allow Remote Code Execution
(Replaces MS12-036)



Remote Desktop

CVE-2012-2526



KB 2723135
No publicly known exploits.
Severity:Critical

Exploitability: 2
Critical
N/A





MS12-054
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution
(Replaces MS08-067 MS09-022)



Windows Networking

CVE-2012-1850
CVE-2012-1851
CVE-2012-1852
CVE-2012-1853



KB 2733594
No publicly known exploits.
Severity:Critical

Exploitability: 1
Critical
Critical





MS12-055
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevatin of Privilege
(Replaces MS12-047)



Windows Kernel Mode Drivers

CVE-2012-2527



KB 2731847
No publicly known exploits.
Severity:Important

Exploitability: 1
Important
Important





MS12-056
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution
(Replaces MS11-031)



JScript and VBScript

CVE-2012-3408



KB 2706045
No publicly known exploits.
Severity:Important

Exploitability: 2
Critical
Important





MS12-057
Vulnerability in Microsoft Office Could Allow Remote Code Execution
(Replaces MS11-073 MS10-105)



Office

CVE-2012-2524



KB 2731879
No publicly known exploits.
Severity:Important

Exploitability: 3
Important
N/A





MS12-058
Vulnerability in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution


Exchange

CVE-2012-2525

CVE-2012-1767

CVE-2012-1773



KB 2740358
No publicly known exploits.
Severity:Critical

Exploitability: 1
N/A
Critical





MS12-059
Vulnerability in Microsoft Visio Could Allow Remote Code Execution
(Replaces MS11-089 MS12-031)



Visio

CVE-2012-1888



KB 2733918
No publicly known exploits.
Severity:Important

Exploitability: 1
Important
N/A






MS12-060
Vulnerability in Windows Common Controls Could Allow Remote Code Execution
(Replaces MS12-027)



MSCOMCTL.OCX

CVE-2012-1856



KB 2720573
No publicly known exploits. Threatpost indicates being actively exploited.
Severity:Critical

Exploitability: 1
Critical
Critical





We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.

--

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Aug 142012
 
Severity Rating: Important
Revision Note: V1.0 (August 14, 2012): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Aug 142012
 
Severity Rating: Important
Revision Note: V2.1 (August 14, 2012): Clarified that users with Internet Explorer 9 installed on their systems do not need to install this update. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information.
Summary: This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Aug 142012
 
Severity Rating: Important
Revision Note: V1.0 (August 14, 2012): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or embeds a specially crafted Computer Graphics Metafile (CGM) graphics file into an Office file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Aug 142012
 
Severity Rating: Important
Revision Note: V1.0 (August 14, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Switch to our mobile site