Software

It's Microsoft Patch Tuesday: July 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's July 2012 patches in your organization.

Folks, it is official: Windows 8 launches in the beginning of August, so no doubt you will soon be seeing "W8" and "W8RT" in the affected OS list! Speaking of W8, the Microsoft Knowledge Base has been totally Metro-fied for better or for worse. This month's Patch Tuesday was run-of-the-mill, though I was disappointed to see a return of the "opening a document on a network location can allow remote code execution attacks" problem that we've seen so many patches for.

This blog post is also available in the PDF format in a TechRepublic Download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-043/KB2722479 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2, Office 2003, Office 2007, Office Word Viewer, Office Compatibility Pack, Expression Web 1, Expression Web 2, Office SharePoint Server 2007, Office Groove Server 2007): The XML Core Services, which are used in a ton of different things, have a bug parsing data which makes folks vulnerable to remote code execution attacks, simply by visiting a Web page with malicious content on it. You should install this patch immediately. MS12-044/KB2719177 - Critical (IE9): Specially crafted Web pages can perform remote code execution attacks in IE9; this patch fixes two of these bugs. Again, get this installed ASAP. MS12-045/KB2698365 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Flaws in the Data Access Components allow for - you guessed it, remote code execution attacks when - you guessed it again, the user visits a malicious Web page. Get this one installed as soon as you can. MS12-046/KB2707960 - Important (Office 2003, Office 2007, Office 2010, and Visual Basic for Applications): My arch nemesis, who I thought was long gone, is back. That's right, opening Office documents from a network location can allow code in a DLL from that location to be run as well. The victim this time is VBA, the underpinnings of Office macros. Microsoft calls this "important" but I know that folks open Office documents all the time and run the macros without thinking, so you might want to consider this a higher priority patch. MS12-047/KB2718523 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Locally logged on users can run a specially crafted application to get upgraded privileges, thanks to a bug in the kernel mode drives. Install this patch on your normal schedule to fix the issue. MS12-048/KB2691442 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Opening a file with a file name that has a specially crafted name could perform remote code execution attacks. Microsoft gives this an "important" rating, but I am sure lots of people will be fooled into falling for it. Patch this quickly. MS12-049/KB2655992 - Important (XP, Vista, W7, 2003, 2008, 2008R2): Attackers intercepting network traffic encrypted with TLS can decrypt it if it uses the CBC mode. Since it's now very easy to intercept WiFi network traffic on public networks, you'll want to patch this very fast. MS12-050/KB2695502 - Important (InforPath 2007, InfoPath 2010, Office SharePoint Server 2007, Office SharePointServer 2012, Groove Server 2012, Windows SharePoint Services 3.0, SharePoint Foundation 2012, and Office Web Apps 2010): Various SharePoint products have an URL handling issue that can allow a user with a malformed URL to gain privileges they should not have. Install this patch if you use SharePoint. MS12-051/KB2721015 - Important (Office for Mac 2011): Locally logged on users can run an application which attacks Office to escalate privileges. This patch also has a number of other improvements in it, so it is worth installing if you are a Mac user.

Other Updates

KB2728973 - Update to prevent unauthorized certificates from allowing spoofing.

"The Usual Suspects": Updates to the Malicious Software Removal Tool.

Changed, but not significantly:

  • KB2677070 - Update for Vista, W7, 2008, 2008 R2
  • KB977238 - Update to the Best Practices Analyzer for Hyper-V
  • MS11-044/KB2518864 - Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP
  • MS11-078/KB2572073 - Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP
  • MS12-035/KB2604111 - Security Update for Microsoft .NET Framework 3.5 SP1 on Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP
  • MS12-016/KB2633880 - Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP
  • MS11-100/KB2657424 - Security Update for Microsoft .NET Framework 3.5 SP1 on Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday: none.

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

11 comments
za5g
za5g

On the windows updates settings (Win7Ent+SP1) I set "Download updates, but let me choose whether to install them". This morning, I was through VPN on a remote desktop session on a server. After terminating the session, I notice that after installing all windows updates, windows is waiting to restart - 11 minutes remaining!!! I check the windows update settings if they in some manner changed - still same manual install. After restarting and logging on, I checked again the windows settings and they are again the same "Download updates, but let me choose whether to install them"! I did not believe to my eyes and I dont have any explanation to this, but my computer is working normally.

davidjbell
davidjbell

I've learned to live with Outlook 2007 'not responding' with my Win 7; particularly after coming out of Standby but since yesterday it appears to be even worse

dyanne2
dyanne2

My pc with XP ran for 5 minutes after the patches were installed then shut itself down and rebooted 3 times. I was about to do a system restore, and it stayed on that time.

decimalhead
decimalhead

did a restore...now i have to re update windows...

decimalhead
decimalhead

My copy and paste no longer works....

davidibaldwin
davidibaldwin

On two of my eight Windows XP/SP3 computer, the Windows update site tries to install some new installer software that crashes IE8. The Automatic update that does not use Internet Explorer works fine but I can't get any other updates at this time. The only thing I can find in common between the two, one is XP Home, the other is XP Pro, is that both have a system directory that is not C:\Windows due to the need to re-install Windows on each of them. All the other computer use C:\Windows as the system directory. Note: One computer was fixed with a Fixit from Microsoft. The other is still broke.

nikthiemann
nikthiemann

PC stuck preparing....preparing & not going anywhere

sysop-dr
sysop-dr

I would love to see an example. Thanks Justin for your monthly roundup.

Mark W. Kaelin
Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Justin James
Justin James

Obviously Microsoft isn't giving away examples, but I was... floored... to put it mildly when I read the bulletin. Glad you find them helpful! J.Ja

jcbronson
jcbronson

I'd be interested in an example, too. This reminds me of the good old days where the .com filename extension, easily disguised as a URL, was used to execute malicious software. With that one, the two-edged sword was we had disabled hidden extensions so users wouldn't get tricked into opening the *.jpg.exe files - doh! Initial observation: Nothing "broken" by this month's updates (so far). Happy patching, everyone.