Security

It's Microsoft Patch Tuesday: March 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's March 2012 patches in your organization.

In one of the more surprising Patch Tuesdays in recent memory (not including December's, because they are usually light), we have only one "critical" bulletin, and it is for a service (Remote Desktop) that isn't enabled on most systems. In addition, there are no significant out-of-band items released. And in the biggest shock of them all, Microsoft Office does not have any security patches this month.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Editor's Note: Microsoft is having technical trouble with the TechNet bulletin links (MS12-0XX). We are operating on the belief that Microsoft will eventually fix the links below. In the meantime, click the Sign Out link on TechNet to get the bulletin page to load. The Knowledge Base article KB2608658 is not working at the time of publication, but all the other KBs are working as linked.

Security Patches

* MS12-017/KB2647170 - Important (2003, 2008, 2008 R2): There is a denial-of-service vulnerability in the Windows DNS server. Install this patch on those servers running the DNS Server role.

* MS12-018/KB2641653 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): A locally logged-on user can run a malicious application to exploit a vulnerability in the kernel-mode drivers and gain administrative rights. This is a local privilege escalation, not a remote issue, so install this patch on your usual cycle.

* MS12-019/KB2665364 - Moderate (Vista, W7, 2008, 2008 R2): An issue with DirectWrite can allow an Instant Messenger contact to send a specially crafted Unicode sequence that crashes the receiving application (denial of service). This patch can wait until your normal patch day.

* MS12-020/KB2671387 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): This patches a pair of vulnerabilities in the Remote Desktop Protocol (RDP): CVE-2012-0002, which can be used for remote code execution against systems that have RDP enabled, and CVE-2012-0152, a denial of service in the Terminal Server component. The code-execution flaw is reachable before authentication, so a system with an exposed RDP listener is at risk even from attackers with no credentials; requiring Network Level Authentication (NLA) is a mitigating factor because it forces authentication before the vulnerable code path is reached. Install this patch immediately on systems that allow RDP connections, and give priority to any that are reachable from outside your network.

* MS12-021/KB2651019 - Important (Visual Studio 2008, Visual Studio 2010): An attacker who can write to Visual Studio's add-in directory can place a malicious add-in there, and since Visual Studio often gets run with elevated privileges, the add-in gets them too. If you use Visual Studio, you should install this patch.

* MS12-022/KB2651018 - Important (Microsoft Expression Design): The familiar "opening a file from a share that also contains a specially crafted DLL can cause that DLL's code to be executed" bug (DLL preloading / insecure library loading) is back, this time in the Microsoft Expression Design products. Expression Design users should install this patch when they get a chance.
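The deploy decision for MS12-020 hinges on two facts per host: is an RDP listener actually up, and is KB2671387 already installed? The following PowerShell audit script is an added example, not part of the original article or any Microsoft tool. It uses only the registry values, service name and hotfix ID that Windows 7 / Server 2008 R2 expose (fDenyTSConnections, fAllowToGetHelp, the RDP-Tcp UserAuthentication flag, TermService, and the KB number from the bulletin list above); the script is written in PowerShell 2.0 syntax so it runs on hosts of that era. The decision thresholds at the end are the author's assumptions, not Microsoft guidance.

```powershell
# Added example (not from the original article): per-host exposure check for MS12-020.
# Assumptions: Windows 7 / 2008 R2 registry layout, PowerShell 2.0, run elevated.

$kb = 'KB2671387'   # MS12-020 hotfix ID, taken from the bulletin list above

# 1. Is Remote Desktop enabled? fDenyTSConnections = 0 means connections are allowed.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# 2. Is Remote Assistance enabled? (The comments below argue this keeps RDP alive;
#    rather than trust either side, step 5 checks the actual listener.)
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
        -ErrorAction SilentlyContinue
$raEnabled = ($ra -ne $null -and $ra.fAllowToGetHelp -eq 1)

# 3. Is Network Level Authentication required? Listed by Microsoft as a mitigating
#    factor for MS12-020 because it forces authentication before the vulnerable path.
$rdpTcp = Get-ItemProperty `
    'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nlaRequired = ($rdpTcp.UserAuthentication -eq 1)

# 4. State of the Terminal Services service.
$svc = Get-Service -Name TermService
$svcRunning = ($svc.Status -eq 'Running')

# 5. Ground truth: is anything listening on TCP 3389? netstat is used instead of
#    Get-NetTCPConnection because the latter does not exist on 2008 R2 / Windows 7.
$listening = (netstat -ano | Select-String ':3389\s+\S+\s+LISTENING') -ne $null

# 6. Is the MS12-020 hotfix already installed?
$patched = (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) -ne $null

$report = New-Object PSObject -Property @{
    ComputerName      = $env:COMPUTERNAME
    RemoteDesktop     = $rdpEnabled
    RemoteAssistance  = $raEnabled
    NLARequired       = $nlaRequired
    TermServiceUp     = $svcRunning
    Port3389Listening = $listening
    MS12_020Installed = $patched
}
$report | Format-List

# Decision logic (assumed thresholds, matching the article's advice):
if ($listening -and -not $patched) {
    if ($nlaRequired) {
        Write-Warning "RDP listener up, NLA on, $kb missing: patch at the front of this cycle."
    } else {
        Write-Warning "RDP listener up WITHOUT NLA and $kb missing: patch immediately."
    }
} elseif (-not $listening -and -not $patched) {
    Write-Output "No RDP listener; install $kb on the normal patch day."
} else {
    Write-Output "$kb already installed."
}
```

Run it with `Invoke-Command -ComputerName <host> -FilePath .\Check-MS12020.ps1` against a list of servers to get one object per host; the `Port3389Listening` column settles the Remote Assistance question for your own environment rather than relying on the wording of the KB.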


Other updates

* KB2608658 - Update for Windows 2008 R2.

* KB2639308 - Allows Windows 7 and 2008 R2 applications to force executable images to use address space layout randomization (ASLR), even images that were not linked with ASLR support.

"The Usual Suspects": Updates to the ActiveX killbits, Malicious Software Removal Tool, and the Junk Email Filter.

Changed, but not significantly:

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

* KB931125 - Root certificate update.

* KB947821 - System Update Readiness Tool.

Changed, but not significantly: none.

About

Justin James is the Lead Architect for Conigent.

9 comments
allanrbowman

When you step back and view the world of Microsoft "software", you see a strange world where the users totally accept dysfunctional products and the need to constantly fix, update, and apply patches. If your car worked like Microsoft software, you would be outraged and lawsuits would fly. Same for virtually every other product you buy, from cell phones and televisions to lawnmowers. In a real world, there would be class action lawsuits over the execrable state of software, but not apparently in the world of geeks and nerds who enjoy being needed to keep the stuff running.

MyopicOne

Umm Justin, RDP is used for remote server management at many companies.

Gisabun

Funny. I didn't get that one but 10-29 [KB978338]. Also note KB2647753. Updates printing core files.

Slayer_

I have to keep an eye on those, they have bit us in the butt before.

ken_kalman

After installing today's patches, I was prompted to install Security Update KB2378111, which dates back to October, 2010. As far as I could tell, I've been up to date with the patches, and have not been prompted for this one in the recent past. Has anyone else had this happen?

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Justin James

... that's still not "most systems", that's servers. Also, most folks don't have it exposed to the outside world. J.Ja

Who Am I Really

The checkbox in the System dialog for "Allow Remote Assistance invitations to be sent from this computer" is checked by default. Remote Assistance uses the RDP protocol, so even if a user has no actual Remote Desktop configured, the RDP server is still running to provide services to Remote Assistance.

Justin James

From the KB article: "By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk." I am not sure what exactly is different with Remote Assistance, but Microsoft doesn't see this issue as a threat unless you've manually enabled Remote Desktop. J.Ja