It's Microsoft Patch Tuesday: June 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's June 2012 patches in your organization.

The big news for June is the "Flame" virus. This thing is a total mess. The good news is, its intended use and targets are very specific, and chances are, if you are reading this, you aren't them (unless you are a member of certain Middle Eastern governments). The most disturbing thing for the general public is that its creators were able to forge certificates for Windows Update, but to exploit them, attackers would need to do a man-in-the-middle attack (typically done through pointing to a malicious DNS server, or attacking DNS servers) to point users to a bad Windows Update server. That's not exactly a small task, and Microsoft has already released a patch to revoke the bad certificates.

In better news, though, there was not a single security patch for Microsoft Office! Other than the annual December slowdown, I do not recall this happening in a very, very long time.

This blog post is also available in PDF format as a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-036/KB2685939 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): A flaw in Remote Desktop Protocol (RDP) allows attackers to perform remote code execution attacks. How many Windows servers allow RDP (even through the firewall)? An awful lot - get this patched ASAP.

MS12-037/KB2699988 - Critical (IE6, IE7, IE8, IE9): This patch rolls up a whopping thirteen security fixes into one. One of the vulnerabilities is already publicly known, too. Needless to say, this patch is a high priority item.

MS12-038/KB2706726 - Critical (.NET Framework 2.0, .NET Framework 4): Regular readers will know that I've become very down on XAML Browser Applications (XBAPs) due to security concerns. This is further reinforcement of that view. This patch plugs a remote code execution hole in XBAPs, and should be installed immediately.

MS12-039/KB2707956 - Important (Lync 2010 clients, Microsoft Communicator 2007 R2): Four security vulnerabilities, one of which allows for remote code execution attacks, have been found in a variety of Microsoft Lync clients and Microsoft Communicator 2007 R2. It's not likely you will be in a meeting with an attacker; this patch can wait until your next scheduled patch time.

MS12-040/KB2709100 - Important (Microsoft Dynamics AX 2012): The Microsoft Dynamics AX 2012 Enterprise Portal allows attackers to send email messages to users or trick them into clicking on a URL that could perform an elevation of privileges attack. Install this patch if you use Enterprise Portal.

MS12-041/KB2709162 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): This patch fixes five vulnerabilities that let locally logged-on users escalate privileges. This is a low threat issue and the patch should not be treated as an emergency.

MS12-042/KB2711167 - Important (XP, W7, 2003, 2008 R2): Here's the winner for "bizarre security problem of the month": somehow, there is a pair of escalation of privileges vulnerabilities that affect XP/2003 and W7/2008 R2, but managed to miss the Vista/2008 generation of Windows. In the years that I have been writing this article each month, I never thought I'd see that! In any event, you should install this patch on schedule.

Other Updates

KB2677070 - Provides an update to the system for getting the revoked certificates list.

KB2699779 - No information available at this time.

KB2703157 - Fixes a memory leak in the WinHTTP Web Proxy Auto-Discovery Service.

KB2709630 - Patches a problem where logging into a Windows 7 or 2008 R2 machine that is disconnected from a domain could take a long time.

KB2709981 - Fixes a problem with DVDs playing mangled video on Windows 7 and 2008 R2.

"The Usual Suspects": Updates to the Malicious Software Removal Tool.

Changed, but not significantly:

  • MS12-020/KB2667402 - Security update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
  • MS12-025/Multiple KBs - Security update for .NET Framework 1.1 - 4
  • KB982670 - .NET Framework 4 Client Profile for XP.
  • KB982671 - .NET Framework 4 for XP.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2718704 - Certificate revocation list update to deal with the Flame virus.

KB2720211 - Minor updates to WSUS 3.0 SP2.

KB947821 - System update readiness tool for Vista, W7, 2008, and 2008 R2.

Changed, but not significantly:

  • MS12-034/KB2656407 - Security update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP
  • MS12-034/KB2686509 - Security update for Windows XP Embedded
  • MS12-035/KB2604092 - Security update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP
  • MS12-035/KB2604110 - Security update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP
  • MS12-100/KB2656352 - Security update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP

About

Justin James is the Lead Architect for Conigent.

15 comments
betsam

After running patches, our Nagios server is finding that the domain controllers' offsets for NTP are on and off. Does not seem to affect our time in the network, but thought I'd put it out there in case anyone else was seeing any timesync problems...

klh456

I have two test machines that I patched with the latest MS patches over the weekend. They were awaiting a reboot this morning. Now both machines are ungodly slow! Anyone else experience any issues?

Who Am I Really

but on my win7 x64 system, one update borked the integrated NIC when the system booted up after applying the update, the NIC wasn't there anymore after poking around in device mangler I found it to reappear after refreshing the list but it was disabled then after re-enabling the connection it is now named Local Area Connection 2

littleroot

In our update pilot test group two out of four Dell Optiplex Windows 7 32-bit computers boot in a loop when KM2677070 is installed via our WSUS server, or direct download. We went back to a restore point and all is well but adding this update one on certain machines. We are looking into what similar software might be installed on the two problem machines.

sura.jan

KB2706726 patch (Framework) install unsuccessful and instantly cycling! Last Microsoft Patch Tuesday there were two patches - install successful but instantly cycling and it took 2 days to correct this error!

gary

Our SharePoint 2010 server is stuck at 0% applying updates for over an hour this morning. It looks like at 10:00 last night a bunch of patches tried to apply and then again at 3am (I guess this was the normal stuff). Anyone else see this? Thanks

Gisabun

Listed now as "Applications using multi-package installation on Windows 7 and Windows Server 2008 R2 may fail to install".

JCitizen

In fact, I think this cycle fixed my network problems that started after the last roll up. You never know though, about intermittent network failure; it could have been anything, and may return. I've already done everything on the hardware side to try to find the problem. (edited) Despite early improvement, my PPPoE connection went down. After reinstalling one XP system and doing an image backup restore on my Vista systems, this update cycle finally installed correctly. Attempting to use a direct PPPoE connection through a modem resulted in an 815 error message, but the LAN connection through the gateway worked fine now.

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

klh456

I uninstalled the patches, but nothing changed on the physical machine. (VM seemed to resolve itself after awhile and is now fine.) Finally discovered that the hard drive on the first machine was going bad. After a forced chkdsk after a reboot it would not boot into safe mode. Was able to get an image from the drive. Put that image on another drive and all is fine. So, appears it was not related to the patching at all, pure coincidence.

ddornmsn

Yep, two of my 2008 VMs are ungodly slow in logging in today after the June 2012 patches!

JCitizen

I know it was that last patch Tuesday that hosed my network! I now know that was it, because after restoring my Vista machine from backups, the problem went away! I will now have to install one at a time to find the culprit.

JCitizen

I thought everything was hunky dory, but after network slowdowns, and an absolute failure of one of my older XP machines, I ended up reinstalling the operating system and redoing all updates. So far so good on that one PC, now to find out what is wrong with the others. Nothing a quick restore might not fix, but I have no choice but to try all updates, it is just flat a requirement in my operation.

sura.jan

Not KB2706726 but KB2656370 still unsuccessful installation

sura.jan

No automatic repair (Fixit) helped, always unsuccessful. Direct Link to KB2656370 patch helped, Framework 1.1 needed repair from installation file.