Security

It's Microsoft Patch Tuesday: August 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's August 2012 patches in your organization.

This was a really bad month for Microsoft and security, including security problems in a common controls library and Microsoft Exchange Server. There are a lot of "install immediately" patches here, so you'll want to brew up a fresh pot of coffee.

It is also with a fair amount of sadness that I have to say that this is likely to be my final Patch Tuesday article due to changes in my work status. I truly have enjoyed writing this article monthly for about four years now. This does not mean that the Patch Tuesday articles are coming to a close, just that another contributor will be taking over the responsibility of writing them. I would like to thank each and every one of you for making their series the success that it has been, and TechRepublic's Mark Kaelin for asking me to start writing these all of those years ago.

This blog post is also available in the PDF format in a TechRepublic Download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-052/KB2722913 - Critical (IE6, IE7, IE8, IE9): This patch resolves four security vulnerabilities in Internet Explorer, which can allow remote code execution attacks launched trough malformed Web pages. Active X and similar technologies do not seem to be the culprit here. You should apply this patch immediately. MS12-053/KB2723135 - Critical (XP): XP systems can be sent a stream of data over Remote Desktop Protocol (RDP) that can allow for a remote code execution attack. Apply this fix to those systems to close the hole. MS12-054/KB2733594 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Four vulnerabilities in the Windows networking stack (including one that can be activated by sending bad packets to the print spooler) are fixed by this patch. Install it as soon as you can. MS12-055/KB2731847 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): A locally logged on user can run an application to escalate their privileges; this patch fixes the issue. This can wait until your normal patch time. MS12-056/KB2706045 - Important (XP x64, Vista x64, W7 x64, 2008 x64, 2008 R2 x64, 2008 R2 IA64): A problem with the VBScript and JScript engines in 64 bit versions of Windows leads to remote code execution vulnerabilities that Web pages can take advantage of. Microsoft rates this as "important" but I would suggest that you install the patch with urgency. MS12-057/KB2731879 - Important (Office 2007, Office 2012): Opening Office files that have been malformed or contain a malformed Computer Graphics Metafile (CGM) can allow for remote code execution attacks. You will want to install the patch as soon as you can due to the commonality of Office documents. MS12-058/KB2740358 - Critical (Exchange 2007, Exchange 2010): It's rare to see a security bug in Microsoft Exchange, but here we are with one. If someone views a document via Outlook Web Access (OWA) with the WebReady document Viewing system, it can attack the Exchange server. To make it worse, the vulnerability is publicly disclosed. Install this patch as soon as you can if you are running an Exchange server. MS12-059/KB2733918 - Important (Visio 2010, Visio Viewer 2010): Opening up a Visio file can allow remote code execution attacks. This is another case where the file format is common enough to justify installing this ahead of schedule. MS12-060/KB2720573 - Critical (Office 2003, Office 2007, Office 2010, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, Commerce Server 2002, Commerce Server 2007, Commerce Server 2009, Commerce Server 2009 R2, Host Integration Server 2004, Visual FoxPro 8.0, Visual FoxPro 9.0, VB 6.0 Runtime): the Windows Common Controls can allow for remote code execution attacks when viewing malformed Web pages; this affects a huge number of products, and the various patches (there will be many, many patches for the same issue here) should all be installed as swiftly as you can.

Other Updates

KB2608659 - Update to fix issues with Single Instance Storage (SIS) for 2008 R2 that may lose or corrupt data. KB2647753 - Update rollup for printing in W7 and 2008 R2. KB2705117 - Update rollup for a variety of bugs in Small Business Server 2011 Essentials. KB2705118 - Update Rollup 3 for Windows Home Server 2011. KB2705122 - Update rollup for a variety of bugs in Storage Server 2008 R2 Essentials. KB2719857 - Fixes problems connecting to 3G or 4G networks over USB in W7 and 2008 R2. KB2729094 - Updates the Symbol font in W7 and 2008 R2 with new symbols. KB2732487 - Resolves an issue where resuming from sleep or hibernation on W7 gives error "0x0000000a." KB2732500 - Corrects an "E_UNEXPECTED 0x8000ffff" error when using System Restore on W7.

"The Usual Suspects": Updates to the Malicious Software Removal Tool.

Changed, but not significantly:

  • KB982861 - IE9 language pack for W7 x64

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday: none.

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

42 comments
chance3377
chance3377

I have a Win7 32 bit PC and my husband has a Win7 64 bit. I installed the updates and then my Internet access didn't work. i knew it wasn't the provider or modem since my husband was still on line. He didn't install updates yet. I went back to the restore point and everything works. I don't have the time to spend an hour or more doing these 1 at a time. So for now, I'll leave it as it was.

janetb
janetb

I had 14 updates on Aug 14. They downloaded and installed fine, but ALL my font settings changed (Desktop, Windows Explorer,"Windows Live Mail" Tree pane, Messages pane, tool bars, IE8, etc.). Also prevented at least one program from opening. I reverted with Syst Restore and got all back to the way it was. Tried a second time,with the same bad results....Did the System Resore again and got everything back. How can I know which update files caused the problem without having to install all 14 separately with a reboot each time??? Would it be terrible not to install them? I could not find out through searches how to change back all the fonts in all the places they changed, since I don't have Windows 7 Basic theme (many of the font-setting options are grayed out). Thanks for any advice!

jlehman
jlehman

I have not had any problems with the XP or Windows 7 updates but had several failed updates on Server 2008R2. They installed the second time around so there could be a compatibility issue. The updates, 2731847, 27006045, 2715808 and 2647753.

mdds8289
mdds8289

One machine is hanging on patch 5 of 16. It's been "Installing update 5 of 16..." for over 12 hours. The window also says not to turn off or unplug your machine while installing updates. How do I fix this problem? Anybody have any advice? Many thanks.... David Update: Disregard. I took a deep breath and did a force shutdown/reboot. It took some time and a couple of reboots, but the problem worked itself out. Whew....

ppoindex
ppoindex

There were two updates, KB2596615 & KB 2596856 that keep failing on my Vista system but not my XP or Win 7 laptop. They have to do with Office. I have an older version. I tried to download and install them manually from the Microsoft site and I think that may have caused a big issue with my PC. I finally got it to boot up. That's the only thing I did that may have almost ruined my PC Startup. I tired to find help on the Microsoft site but to no avail. The error message I received was to do with 80070641. I finally have had to "hide" the updates to keep my PC from wanting to update then just to fail again and again. Thanks for any hints or help.

smiller
smiller

This patch caused mass failure of a number of updates, and when I attempted to install it by itself it rendered my laptop unbootable. It took several tries with a system recovery CD and system restore before I could get the thing uninstalled and hide that update. I'd be curious to know if anyone else experienced the same problem. System: HP dv8t, Win 7 Pro 24 bit, 8 GB RAM, 500 GB and 750 GB hard drives.

HAL 9000
HAL 9000

On XP, 7 or the Beta of 8 everything installed easily and just worked. Of course the proof of the pudding is in what these updates broke if anything which I've yet to run across. Looks as if I have a few heavy Test Sessions in front of me to check this out. :^0 And sorry to see you go JJ but I hope that everything for you is Onwards and Upwards if that's what you want. ;) Col

elmarioc
elmarioc

Did Justin James go to sleep for 48 straigh hours before putting out his blog? Tech Republic delivered "It's Microsoft Patch Tuesday: August 2012" today, Aug. 15, at 8:31 AM. What use do I have for his 'recomendations' if I already installed (yesterday Aug. 14) the patches MS listed for my computers??

Marty-7
Marty-7

You don't say if you're leaving TR or just giving up this column, but I've enjoyed all your articles. Thanx and good luck with whatever your future brings you.

Deadly Ernest
Deadly Ernest

which is having issues. Some years ago there was a problem with patches to one version but the other was OK.

colgarcia
colgarcia

Patches failed and had to be backed out. It was scary until I was able to start in safe mode. Don't believe the patches took.

PurpleSkys
PurpleSkys

when folks either don't get their updates or have trouble installing them. I run Win 7 Pro 64 bit on an Asus system Intel Quad Core 2.33GHz with 8 gig ram (she's a smoking little machine). I keep her cleaned up weekly with Ccleaner, malwarebytes, and spybot S & D and use Avast Free A/V for my anti virus. Come the second Tuesday of every month, my updates are generally sitting there by early evening (Atlantic Canadian Time) if not before and they pretty much always install without an issue.

dingbat01
dingbat01

I eventually managed to get all patches installed by installing them one-by-one. Each has a restore point, reboot and two passwords each (TruCrypt System partition and Windows). 56 Minutes. What a waste. Did MS forget a prerequisite chain or something? I cannot imagine doing this for 500 PC's in the office workplace...what a disaster... regards

Who Am I Really
Who Am I Really

is actually getting them to download it's 21:08 here now and no sign the updates anywhere even poking my nose into "C:\Windows\SoftwareDistribution\..." the last thing I got was the MSE definition update yesterday on XP they don't usually appear until after Thursday or Friday one month I waited almost three weeks before the system tray notification appeared these win 7 systems seem to get them a bit quicker but I've yet to see them actually arrive on Tuesday

Mark W. Kaelin
Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Deadly Ernest
Deadly Ernest

and has no worries due to his firewall and web proxy device. but I doubt the average user could get away with it.

JCitizen
JCitizen

and obfuscates their support links to no end. But once you get the right 800 number, they finally have to fess up and admit they owe you free support on every messed up update. I think they deserve to pay the cost for making us their guinea pigs.

lehnerus2000
lehnerus2000

That update wouldn't install properly on my PC (W7 Ultimate 64 bit). It appears in the Update History (successful). It doesn't appear in the Installed Updates. Windows Update kept offering it to me (for several hours). It seems to have given up now though. :) Since I always create a backup image before installing updates, I'm debating whether or not to reinstall my pre-update image and try again.

Justin James
Justin James

The article was posted to the site within 4 hours of Microsoft publicly releasing the information (and it only took that long because some of the KB articles took hours to show up). But the newsletters get sent on a nightly schedule. The best way to ensure that you get this article in a timely fashion is to subscribe to the RSS feed. J.Ja

Justin James
Justin James

I'll still be writing for TechRepublic, just not this series anymore. My current job duties make it very difficult for me to write this article as soon as the information comes out (1 PM Eastern time). It's a scramble as it is to get it to Mark and him to edit/publish before the close of business on the east coast, and I'd hate to let anyone down because I'm jammed up when the information comes out. As much as I enjoy this article, and like being able to help the community out with this, I would rather pass the torch to someone who can ensure timely delivery of the article than to let folks down. J.Ja

JCitizen
JCitizen

but not this one. That last one destroyed my network, so I restored the image from backup and ran the update again, and voila! No problems( well I lie - I still got error 815 when trying to use a direct connection to DSL using a PPPoE modem - but all was fine after connecting to the gateway - go figure).

sarai1313
sarai1313

i have never had problems with windows update. i guess at least i do someting right.

lwetzel
lwetzel

This is the norm for me but this time was not one of the norms.

lwetzel
lwetzel

That was the answer here also. Had to do it on all my machines separately and reboot after darn near everyone. But I'm set for another month. This was not the usual thing though so I have to agree something was not set right.

Justin James
Justin James

... setting up a WSUS server. If you have enough machines to have an AD domain, it is well worth the hassle (it's not much work to set it up, just have a BIG hard drive for the packages to sit on). My WSUS servers seem to get the updates within hours, not days like many report with standalone PCs. J.Ja

lewishmorgan
lewishmorgan

Other than the malware remover, there were 5 August security patches for XP: KB2705219....2712808....2723135....2731847....2722913 After downloading all at once, one or some combination of them resulted in XP's practically ceasing to function, with various windows taking several minutes to open or not at all, programs not responding, and the Control Panel window very slow to appear and then not fully functioning. Other local users (both Win 7 and XP) also reported problems. To remove the updates I used safe mode/CP, and, after restarting, XP at first appeared to be back to normal, but with more use it appeared to be quite sluggish - possibly removing the patches did not undo all the changes they made. To make sure, I formatted the drive and restored from a backup made before Patch Tuesday - the result was a substantial improvement in overall performance speed, back to normal. Others have said that installing the patches one at a time with rebooting each time was successful, but I have to wonder if they made any before and after speed comparisons. I think I will wait before trying to install them again - hopefully, Microsoft will hear all the complaints and replace them with improved versions.

burkele
burkele

NI. Don't know if anyone else has encountered this issue, but after installing the August 2012 patches on my two PC's, neither will go into sleep mode. They are sort of cataonic (screen is black): on but utterly unresponsive... Sound familar?? Cheers. Eric

Deadly Ernest
Deadly Ernest

want to dance around the room that I no longer have that problem.

dingbat01
dingbat01

same as others: When rebooting, I get the following error during the configuration stage; it make it to 15%. "Failure Configuring Windows Updates Reverting Changes Do not turn off your computer" My computer then restarts. When I get back to my desktop, I again receive the message that I have updates to install. How do I fix this and get the updates to install? Win7 Ultimate 64-bit Following are the updates that do not install: KB2722913 KB2705219 KB2712808 KB2731847 KB2647753 KB2729094 KB2732487 KB2732500 regards

Deadly Ernest
Deadly Ernest

sorry, mate, but if you are going to give me such a straight line, how can you expect me to leave it alone.

janetb
janetb

What is the right 800 number...:-)....???

JCitizen
JCitizen

from now on. It is a lot faster than trying those worthless restores. Trying to uninstall them directly has definitely ended in disaster - hence another good reason to simply restore image backup. Takes me about 20 minutes.

mbaumli
mbaumli

I have been running WSUS for years on a non AD network, it's well worth the hassle and really doesn't take all that many resources other than a more than a few GB of disk space. With Windows 2012 Standard coming out and supporting two VMs, one should consider using using at least one of those VMs for a WSUS server. Although I do have a lot of CPU usage on my own, but I am also managing AV from that same server.

Deadly Ernest
Deadly Ernest

want everyone off XP and into Win 7 or Win 8, and the best way to do that is to make XP unworkable.

loucostello
loucostello

Same problem with 15% install. Tried fix-it and failed. What finally worked for me was to install the patches one at a time, in the order you listed. KB2722913 KB2705219 KB2712808 KB2731847 KB2647753 KB2729094 KB2732487 KB2732500 Requires a restart after each patch, although it says not required for the final one, there is still the yellow shield on the shutdown button, so restarted for that one too. Took about an hour and a half. All patches installed, none so much as burped, so I have no idea which patch caused the problem. For reference, my system is: Microsoft Windows 7 Home Premium Good luck.

nick.harrison
nick.harrison

Win7 Pro 64-bit - all our office updates failed in the same way & Fix-it failed to resolve the issue, so we're screwed unless the update resolves itself next month maybe.

boba
boba

I had the exact same problem. After running "Mr. Fix-it" from Microsoft, all but KB2647753 go installed. I got to the "Mr. Fix-it" software by clicking on "Troubleshoot ..." in the Windows Update window.

JCitizen
JCitizen

1-800-MICROSOFT sorry it took so long; I've been moving.

lehnerus2000
lehnerus2000

It only takes ~7 minutes to re-image my W7 partition. XP and Ubuntu are smaller and therefore restore much faster. It normally takes multiple times as long (searching the Internet) to find useful information about how to fix a problem. Then you have to actually implement the fix. :(

Who Am I Really
Who Am I Really

I've got tons of HDDs what I don't have is any recent server hardware or server OS the only server class machine I have is a (c.2000) SuperMicro 370DL3 dual socket P-III when I got it the OS was NT4 with a multiple trojan virus infection so I wiped it clean and installed win2K-Pro

frankerin
frankerin

I can't fix it despite the fixit function, the troubleshooting files and the assorted downloads offered. NOthing works, Yet occasionally an automatic download appears. Today a download important came down SIX TIMES along with a recommended file in tandem. I have no protection other than a setup file from an dvd which I never got or a reinstall. And I don't trust Microsoft enough even to try

Editor's Picks