Security

It's Microsoft Patch Tuesday: February 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's February 2012 patches in your organization.

One unique thing about this month's Patch Tuesday is the rash of update rollups for the second-level Windows Server products like Home Server and Storage server. The out-of-band updates were zero, with only minor metadata changes to a few Internet Explorer installation packages. There is yet another very serious vulnerability in Silverlight too. Given its lack of market penetration, I recommend at this point that you disable it unless you need it or restrict it to run only on trusted Web sites.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-008/KB2660465 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Two exploits in kernel mode drivers can allow maliciously crafted Web sites and drivers to perform remote code execution attacks. To make it worse, one of these exploits is publicly known. Install this patch ASAP. MS12-009/KB2645640 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): The Ancillary Function Driver has a pair of flaws that can allow a locally logged-on user to gain administrative privileges with a specially made application. Install this patch during your normal patch time to close the holes. MS12-010/KB2647516 - Critical (IE6, IE7, IE8, IE9): This is a cumulative update for Internet Explorer that patches four security bugs and one nonsecurity bug. The worst of the security issues can allow remote code execution by viewing malicious Web pages. Install this patch as soon as you can. MS12-011/KB2663841 - Important (SharePoint Server 2010, SharePoint Foundation 2010): SharePoint has three similar vulnerabilities that can allow a malicious link to be created that will allow a third-party page to issue commands to SharePoint on behalf of the user's SharePoint session. Install this patch on your SharePoint servers as needed. MS12-012/KB2643719 - Important (2008, 2008 R2): The color control panel on 2008 and 2008 R2 machines can be manipulated by a maliciously made color profile file to open a DLL on a remote drive share and execute code. This is a rare scenario, and the DLL gets only the locally logged-on user's rights; the patch install can wait until your usual schedule. MS12-013/KB2654428 - Critical (Vista, W7, 2008, 2008 R2): Opening a malformed media file can allow remote code execution attacks to be performed, granting the rights of the logged-on user. The issue is in a runtime library that many applications depend on. Applications that statically link to Msvcrt.dll will need to be recompiled against the updated DLL. You will want to install this patch immediately. MS12-014/KB2661637 - Important (XP): the Indeo Codec that ships with XP has the same vulnerability with opening files in the same directory as a malicious DLL that we've seen in many other pieces of Windows lately. Install this patch when you install other patches. MS12-015/KB2663510 - Important (Visio Viewer 2010): The Microsoft Visio Viewer 2010 component can allow remote code execution vulnerabilities to be performed through malformed Visio files. If you use the Visio Viewer, install this patch. MS12-016/KB2651026 - Critical (.NET Framework 2.0, .NET Framework 3.5.1, .NET Framework 4.0): Windows PCs set up to run Silverlight apps or XAML Browsers Applications (XBAPs) can be exploited to perform remote code execution attacks. One of the vulnerabilities addressed by this update is publicly disclosed. You really should install this patch as soon as you can.

Other updates

KB2600217 - .NET Framework 4 reliability update. KB2603469 - Update for Windows 2008 and 2008 R2 that allows a system state backup to back up private CA keys. This is critical for backing up servers with the Active Directory Certificate Services role. KB2626067 - Update rollup 1.1 for Windows MultiPoint Server 2011. KB2630429 - Update rollup for Windows Small Business Server 2011 Essentials. KB2630434 - Update rollup for Windows Home Server 2011. KB2630436 - Update rollup for Windows Storage Server 2008 R2. KB2640148 - Update for W7 and 2008 R2 to resolve a problem where expanding mapped drives could crash Windows Explorer. KB2660075 - Update for W7 and 2008 R2 to fix a rare problem changing the time zone.

"The Usual Suspects": Updates to the Malicious Software Removal Tool and the Junk Email Filter.

Changed, but not significantly: None.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday: none.

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

Editor's Picks