It's Microsoft Patch Tuesday: April 2012

Justin James gathers the information you need to make the right deploy decisions when applying Microsoft's April 2012 patches in your organization.

One nice thing about the April 2012 set of patches is that it seems like the issue where opening files on network shares leads to remote code execution attacks has finally been taken care of. At the same time, we're hit with a problem affecting the Windows Common Controls used in a huge variety of products. That's going to be a lot of patching, unfortunately. There is also another vulnerability in XAML Browser Applications. At this point, I suggest that you disable them or restrict them to Intranet-only, because the security flaws around them seem to be approaching ActiveX-levels.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-023/KB2675157 - Critical (XP, Vista, W7)/Moderate (2003, 2008, 2008 R2): Five vulnerabilities in Internet Explorer 6 through IE9 are patched that can allow remote code execution attacks to be performed through Web pages. Install this patch immediately. MS12-024/KB2653956 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): A security flaw with the handling of portable execution (PE) files can allow remote code execution attacks to be performed through PE files. PE files are not common, but you should install this patch ASAP. MS12-025/KB2671605 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): The patch solves yet another remote code execution vulnerability in XAML Browser Applications (XBAPs). Install the patch immediately, and considering the number of security bugs in this otherwise rarely used technology, you may want to seriously consider blocking XBAPs completely. MS12-026/KB2663860 - Important (Microsoft Forefront Unified Access Gateway 2010): Microsoft Unified Access Gateway (UAG) has a pair of bugs, one of which allows attackers to get access through UAG that they should not have through a malicious query. Install this patch if you use UAG. MS12-027/KB2664258 - Critical (Office 2003, Office 2003 Web Components, Office 2007, Office 2010, SQL Server 2000 Analysis Services, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, BizTalk Server 2002, Commerce Server 2002, Commerce Server 2007, Commerce Server 2009, Commerce Server 2009 R2, Visual FoxPro 8.0, Visual FoxPro 9.0, VB 6 Runtime): The Windows Common Controls can be exploited by malicious Web pages to perform remote code execution attacks. All products that include these controls will need to be updated immediately. MS12-028/KB2639185 - Important (Office 2007, Works 9, Works 6 - 9 File Converter): Opening a malformed Works file can perform a remote code execution attack. Microsoft has rated this as "important," but if you use Works or Office 2007, you will want to install it as soon as you can, I think.

Other Updates

KB2524478 - Update for 2008 R2 and W7 to correct network connections changing from "Domain" to "Public." KB2679255 - Fixes an issue with SQL Server in Vista, W7, 2008, and 2008 R2.

"The Usual Suspects": Updates to the Malicious Software Removal Tool and the Junk Email Filter.

Changed, but not significantly: none.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB931125 - Root certification update.

Changed, but not significantly:

KB976932 - Windows 7 SP1.


Justin James is the Lead Architect for Conigent.

Editor's Picks