Windows optimize

It's Microsoft Patch Tuesday: December 2012

Deb Shinder gathers the information you need to make the right deploy decision when applying Microsoft's December 2012 patches in your organization.

2012 came in like neither a lion nor a lamb, but with a middle-of-the-road seven security patches. Now it appears that it's going out the same way. If you were hoping to get a break from patching for the holidays, that's not going to happen - but at least maybe you won't be working too late into the night to get all the updates applied.

Of the seven security bulletins December brings, five address critical vulnerabilities and two are important. Most (six) affect various versions of Windows, one also affects Internet Explorer and one impacts Office and some server products (Exchange and SharePoint). All require (or may require) a restart of the computers after application.

This blog post is also available in the PDF format in a TechRepublic Download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-077/KB2761465 - Cumulative Security Update for Internet Explorer (Microsoft Windows, Internet Explorer). This critical update for IE 9 and 10 resolves three privately reported vulnerabilities in Internet Explorer. There is no severity rating for IE 6, 7 and 8. It affects all versions of Windows except the Server Core installation of Windows Server 2008, 2008 R2 and 2012.The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Actual impact ranges from moderate for Windows Server 2008, 2008 R2 and 2012 to critical for Windows Vista, Windows 7, Windows 8 and Windows RT. There is no severity rating for systems running Windows XP.

MS12-078/KB2783534 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7/Windows 7 SP1, Server 2008 R2/Server 2008 R2 SP1, Windows 8, Windows RT, Server 2012. Includes Server Core installations). This update is rated critical for all versions of Windows except Server Core installations, where it is rated important. It addresses one publicly reported and one privately reported vulnerability, both of which have to do with font parsing (OpenType and TrueType) and the way kernel-mode drivers handle objects in memory. The vulnerabilities can allow remote code execution in all versions of Windows except Server Core installations, where they can allow elevation of privilege.

MS12079/KB2780642 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (Microsoft Office 2003 SP3, Office 2007 SP2 and SP3, Office 2010 SP1, Microsoft Word Viewer, Microsoft Office Compatibility Pack SP 2 and SP3, SharePoint Server 2010 SP1, Office Web Apps 2010 SP1). This critical update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer. This vulnerability is in Word, not Outlook, but Outlook is affected when Word is the email reader (which is the default in Outlook 2007 and 2010). This vulnerability does not affect Office for Mac (2008/2011), Word 2013/2013 RT or Office Web Apps 2013.

MS12-080/KB2784126 - Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (Exchange 2007 SP3, Exchange 2010 SP1 and SP2). This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The vulnerabilities are actually in Oracle Outside In libraries (third party code). The most severe vulnerabilities occur in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution. It is rated critical for all affected software. This update also contains non-security related functionalities. This does not affect Exchange Server 2003 SP2.

MS12-081/KB2758857 - Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008, SP2, Windows 7, Server 2008 R2 and Server 2008 R2 SP1, including Server Core installation). This security update resolves a privately reported file name parsing vulnerability in Microsoft Windows that could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. The attacker can gain the same rights as the currently logged on user. This is rated critical for all affected versions of Windows. It does not affect the final release versions of Windows 8, Windows RT or Server 2012; however, it does affect the release preview and release candidate versions of Windows 8 and Server 2012.

MS12-082/KB2770660 - Vulnerability in DirectPlay Could Allow Remote Code Execution (Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 and Windows 7 SP1, Server 2008 R2 and Server 2008 R2 SP1, Windows 8, Server 2012 except Server Core installations). This security update resolves a privately reported vulnerability in Microsoft Windows that stems from the way the DirectPlay component handles specially crafted content. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. The attacker could gain the same rights as the currently logged on user. This does not affect Windows RT nor the Server Core installation of Server 2008, 2008 R2 and 2012.

MS12=083/KB2765809 - Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (Windows Server 2008 R2 and Server 2012, including Server Core installations). This security update resolves a privately reported vulnerability in Microsoft Windows that could allow security features to be bypassed if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. The problem is with the way some versions of Windows check the validity of certificates. The attacker must use a certificate issued from the domain for IP-HTTPS server authentication. This is rated important for the affected software. It does not affect any Windows client operating systems and also does not affect Server 2003 with SP2 or Server 2008 with SP2 (including Server Core installation).

Other Updates/Releases

When it comes to non-security updates, this is a heavy month. There are eighteen updates in addition to the usual update to the MSRT.

KB2506143 - Windows Management Framework 3.0 for Windows 7 and Windows Server 2008 R2. This update provides updated management functionality for Windows 7 and Windows Server 2008 R2. Windows Management Framework 3.0 includes Windows PowerShell 3.0, WMI, and WinRM 3.0, along with other management features.

KB2506146 - Windows Management Framework 3.0 for Windows Server 2008. This update provides updated management functionality for Windows Server 2008. Windows Management Framework 3.0 includes Windows PowerShell 3.0, WMI, and WinRM 3.0, along with other management features.

KB2607607 - Language Packs for Windows 8. This language pack adds support for over forty languages to Windows 8. It includes updates for both x86 and x64 systems, and individual languages can be installed separately. After you install this language pack, you can change the display language to the one you just installed, by swiping in from the right edge of the screen (if you're using a touchscreen) or pointing to the upper-right corner of the screen and moving the mouse pointer down(if you're using a mouse) and tapping or clicking "Search." Enter "language", choose "Settings" and then tap or click "Language." Select the installed language pack, and then tap or click "Move up" until it's at the top of the list. Sign out and then sign back in to finish.

KB2607607 - Language Packs for Windows RT. This language pack adds support for 10 languages to Windows RT. It's installed in the same way as the one described above for Windows 8.

KB2748349 - Update for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP. This update addresses various issues in many versions of Windows, and may require a restart of the computer.

KB2757007 - Update Rollup for Windows Small Business Server 2011 Essentials. This update resolves issues in Windows Small Business Server (SBS) 2011. It may require that you restart your computer.

KB2757011 - Update Rollup for Windows Home Server 2011. This update resolves issues in Windows Home Server 2011. It may require that you restart your computer.

KB2757013 - Update Rollup for Windows Storage Server 2008 R2 Essentials.

This update resolves issues in Windows Storage Server 2008 R2 Essentials. It may require that you restart your computer.

KB2760730 - Update for Windows 7, Windows Server 2008 R2, and Windows Server 2008. This update resolves issues in Windows 7 and Windows Server 2008/2008 R2. It may require that you restart your computer.

KB2761494 - Update for Windows Server 2008 and Windows Vista. This update resolves issues in Windows Server 2008 and Windows Vista. It may require that you restart your computer.

KB2771431 - Update for Windows RT. This update resolves issues in Windows RT. It may require that you restart your computer.

KB2774195 - Update for Windows 8, Windows RT, and Windows Server 2012. This update resolves issues in the latest versions of Windows. It may require that you restart your computer.

KB2769166 - Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012. This update enables Windows 8 to repair a damaged Windows 8 machine or enable a feature that has had its payload removed.

KB2779444 - Update for Microsoft Camera Codec Pack for Windows 8 and Windows RT. This update enables the viewing of a variety of device-specific file formats and will allow supported RAW camera files to be viewable in applications in Windows 8 and Windows RT. It may require that you restart your computer.

KB2779562 - Update for Windows This update resolves issues caused by revised daylight saving time and time zone laws in several countries and enables your computer to automatically adjust the computer clock on the correct date in 2012. It may require that you restart your computer.

KB2779768 - Update for Windows 8, Windows RT, and Windows Server 2012. This is another update to resolve issues in Windows. It may require that you restart your computer.

KB2780541 - Update for Windows 8, Windows RT, and Windows Server 2012. This is another update to resolve issues in Windows. It may require that you restart your computer.

KB931125 - Update for Root Certificates for Windows 8, Windows Server 2012, Windows 7, Windows Server 2008, Windows Vista, and Windows XP. This is an update to the list of root certificates on your computer to conform to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. After you install this update, you may have to restart your computer. Note that once you have installed this item, it cannot be removed.

KB890830 - Windows Malicious Software Removal Tool - December 2012 KB890830 - Windows Malicious Software Removal Tool - December 2012 Internet Explorer Version. These are the monthly updates to the Windows MSRT, which will check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and help remove any infection that is found.

Updates since the last Patch Tuesday

Quite a few non-security updates have been issued between the November and December Patch Tuesdays.

KB2771431 - Update for Windows 8 and Windows Server 2012. This update resolves issues in Windows 8 and Server 2012, including an issue with high CPU usage when running a Windows Update applicability scan, duplicate CBS entries when running a Windows Update applicability file, a scenario where updates are not installed, a scenario where drivers are not updated, and other issues pertaining to Windows Update problems. It may require that you restart your computer.

KB2762895 - Update for Windows 7, Windows Server 2008 R2, and Windows Server 2008. This update resolves a set of known application compatibility issues with Windows. It may require that you restart your computer.

KB2764462 - Update for Windows 8 and Windows Server. This update resolves a set of known application compatibility issues with Windows 8 and Windows Server 2012 and improves the user experience. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. It may require that you restart your computer.  (http://support.microsoft.com/kb/2764462)

KB2774223 - Dynamic Update for Windows 8 and Windows Server 2012. This update under Windows 8 Dynamic Update Category is used by Windows 8 and Windows Server 2012 to obtain critical driver, component and setup improvements during initial setup. (http://support.microsoft.com/kb/2774223)

KB2774225 - Dynamic Update for Windows 8 and Windows Server 2012. This update  is another in the the Windows 8 Dynamic Update Category that is used by Windows 8 and Windows Server 2012 to obtain critical driver, component and setup improvements during initial setup.  (http://support.microsoft.com/kb/2774225)

KB2777294 - Update for Windows 8. This update resolves issues in Windows 8, wherein the Program Compatibility Assistant dialog box appears when you start a desktop app from the Autoplay dialog box. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  (http://support.microsoft.com/kb/2777294)

KB2784532 - Update for Windows 8. This update resolves issues in Windows pertaining to licensing terms on an OEM version of Windows 8. It may require that you restart your computer.  (http://support.microsoft.com/kb/2784532)

KB947821 - System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista [November 2012]. This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

6 comments
Dan Messenger
Dan Messenger

I've installed this on Server 2012 Essentials and am now getting a warning that I have too many certificates! (Event ID 36885 / Schannel): "When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted." A quick look in certmgr.msc shows 359 certificates for "Trusted Route Certificate Authorities". ... but how to know which ones can be safely removed?

jonc2011
jonc2011

Maybe 3 flags install, 2 maybe, 1 don't?

Mark W. Kaelin
Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Mark W. Kaelin
Mark W. Kaelin

The flags indicate critical, important, can wait. Readers asked for a quick visual guide several years ago. The exclamation point means there is some special condition that you should be aware of.

dave
dave

All my other SharePoint sites are all ok. Just the one using HTTPS and only when accessed through the load balancer. If I route direct either by IP or modified hosts file its all fine.