Software

It's Microsoft Patch Tuesday: July 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's July 2012 patches in your organization.

Folks, it is official: Windows 8 launches in the beginning of August, so no doubt you will soon be seeing "W8" and "W8RT" in the affected OS list! Speaking of W8, the Microsoft Knowledge Base has been totally Metro-fied for better or for worse. This month's Patch Tuesday was run-of-the-mill, though I was disappointed to see a return of the "opening a document on a network location can allow remote code execution attacks" problem that we've seen so many patches for.

This blog post is also available in the PDF format in a TechRepublic Download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-043/KB2722479 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2, Office 2003, Office 2007, Office Word Viewer, Office Compatibility Pack, Expression Web 1, Expression Web 2, Office SharePoint Server 2007, Office Groove Server 2007): The XML Core Services, which are used in a ton of different things, have a bug parsing data which makes folks vulnerable to remote code execution attacks, simply by visiting a Web page with malicious content on it. You should install this patch immediately. MS12-044/KB2719177 - Critical (IE9): Specially crafted Web pages can perform remote code execution attacks in IE9; this patch fixes two of these bugs. Again, get this installed ASAP. MS12-045/KB2698365 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Flaws in the Data Access Components allow for - you guessed it, remote code execution attacks when - you guessed it again, the user visits a malicious Web page. Get this one installed as soon as you can. MS12-046/KB2707960 - Important (Office 2003, Office 2007, Office 2010, and Visual Basic for Applications): My arch nemesis, who I thought was long gone, is back. That's right, opening Office documents from a network location can allow code in a DLL from that location to be run as well. The victim this time is VBA, the underpinnings of Office macros. Microsoft calls this "important" but I know that folks open Office documents all the time and run the macros without thinking, so you might want to consider this a higher priority patch. MS12-047/KB2718523 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Locally logged on users can run a specially crafted application to get upgraded privileges, thanks to a bug in the kernel mode drives. Install this patch on your normal schedule to fix the issue. MS12-048/KB2691442 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Opening a file with a file name that has a specially crafted name could perform remote code execution attacks. Microsoft gives this an "important" rating, but I am sure lots of people will be fooled into falling for it. Patch this quickly. MS12-049/KB2655992 - Important (XP, Vista, W7, 2003, 2008, 2008R2): Attackers intercepting network traffic encrypted with TLS can decrypt it if it uses the CBC mode. Since it's now very easy to intercept WiFi network traffic on public networks, you'll want to patch this very fast. MS12-050/KB2695502 - Important (InforPath 2007, InfoPath 2010, Office SharePoint Server 2007, Office SharePointServer 2012, Groove Server 2012, Windows SharePoint Services 3.0, SharePoint Foundation 2012, and Office Web Apps 2010): Various SharePoint products have an URL handling issue that can allow a user with a malformed URL to gain privileges they should not have. Install this patch if you use SharePoint. MS12-051/KB2721015 - Important (Office for Mac 2011): Locally logged on users can run an application which attacks Office to escalate privileges. This patch also has a number of other improvements in it, so it is worth installing if you are a Mac user.

Other Updates

KB2728973 - Update to prevent unauthorized certificates from allowing spoofing.

"The Usual Suspects": Updates to the Malicious Software Removal Tool.

Changed, but not significantly:

  • KB2677070 - Update for Vista, W7, 2008, 2008 R2
  • KB977238 - Update to the Best Practices Analyzer for Hyper-V
  • MS11-044/KB2518864 - Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP
  • MS11-078/KB2572073 - Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP
  • MS12-035/KB2604111 - Security Update for Microsoft .NET Framework 3.5 SP1 on Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP
  • MS12-016/KB2633880 - Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP
  • MS11-100/KB2657424 - Security Update for Microsoft .NET Framework 3.5 SP1 on Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday: none.

Changed, but not significantly:

About

Justin James is the Lead Architect for Conigent.

Editor's Picks