
It's Microsoft Patch Tuesday: March 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's March 2012 patches in your organization.

In one of the more surprising Patch Tuesdays in recent memory (not including December's, because they are usually light), we have only one "critical" bulletin, and it is for a service (Remote Desktop) that isn't enabled on most systems. In addition, there are no significant out-of-band items released. And in the biggest shock of them all, Microsoft Office does not have any security patches this month.

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Editor's Note: Microsoft is having technical trouble with regard to TechNet links (MS12-0XX). We are operating on the belief that eventually Microsoft will fix the links below. In the meantime, click the Sign Out link on TechNet to get the bulletin page to load. The Knowledge Base article KB2608658 is not working at the point of publication, but all the other KBs are working as linked.

Security Patches

* MS12-017/KB2647170 - Important (2003, 2008, 2008 R2): There is a denial-of-service vulnerability in the Windows DNS server. Install this patch on those servers running DNS.
* MS12-018/KB2641653 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): Locally logged-on users can run a malicious application to exploit a vulnerability in kernel mode drivers and gain administrative rights. Install this patch on your usual cycle.
* MS12-019/KB2665364 - Moderate (Vista, W7, 2008, 2008 R2): An issue with DirectWrite can allow an Instant Messenger contact to send a special Unicode sequence to perform a denial-of-service attack. This patch can wait until your normal patch day.
* MS12-020/KB2671387 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): This patches a pair of vulnerabilities in the Remote Desktop Protocol (RDP) system, one of which can be used to perform remote code execution attacks against systems that have RDP enabled. Install this patch immediately on systems that allow RDP connections.
* MS12-021/KB2651019 - Important (Visual Studio 2008, Visual Studio 2010): Attackers can place malicious add-ins into Visual Studio's add-in directory, and since Visual Studio often gets run with escalated privileges, the add-in can get them too. If you use Visual Studio, you should install this patch.
* MS12-022/KB2651018 - Important (Microsoft Expression Design): The familiar "opening a file from a share with a specially crafted DLL can allow that DLL's code to be executed" bug is back, this time with the Microsoft Expression Design products. Expression Design users should install this patch when they get a chance.
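A host-level check for the two role-dependent bulletins in the list above (MS12-020 on hosts that accept RDP, MS12-017 on DNS servers), as an added PowerShell example that is not part of the original article. The function names and report layout are hypothetical; the check assumes RDP state can be read from the fDenyTSConnections registry value and that an installed patch appears under its KB id in the hotfix list.

```powershell
# Added example, not from the article. KB and bulletin ids are the article's;
# function names and the report layout are hypothetical.

function Get-DenyTsValue {
    param([string]$Path)
    # Returns the DWORD, or $null when the key or value does not exist.
    $p = Get-ItemProperty -Path $Path -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($p) { $p.fDenyTSConnections } else { $null }
}

function Test-RdpEnabled {
    # A Group Policy value, when present, overrides the local setting.
    $policy = Get-DenyTsValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $local  = Get-DenyTsValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $effective = if ($null -ne $policy) { $policy } else { $local }
    # 0 = Remote Desktop connections allowed, 1 = denied.
    return ($effective -eq 0)
}

function Test-HotFixInstalled {
    param([string]$Id)
    # Get-HotFix reports a missing id as an error, which is suppressed here.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-March2012Triage {
    $rdp    = Test-RdpEnabled
    # The Windows DNS Server role runs as the service named "DNS".
    $dns    = [bool](Get-Service -Name DNS -ErrorAction SilentlyContinue)
    $has020 = Test-HotFixInstalled 'KB2671387'
    $has017 = Test-HotFixInstalled 'KB2647170'

    $actions = @()
    if ($rdp -and -not $has020) { $actions += 'MS12-020: install immediately (RDP enabled)' }
    if ($dns -and -not $has017) { $actions += 'MS12-017: install (DNS server present)' }
    if (-not $actions)          { $actions += 'No role-specific urgency; patch on the usual cycle' }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        RdpEnabled = $rdp
        DnsServer  = $dns
        KB2671387  = $has020
        KB2647170  = $has017
        Action     = ($actions -join '; ')
    } | Select-Object Computer, RdpEnabled, DnsServer, KB2671387, KB2647170, Action
}

Get-March2012Triage | Format-List
```

Get-HotFix only reports updates recorded under that exact id, so treat a missing KB as a prompt to verify the host rather than as proof that it is unpatched.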


Other updates

* KB2608658 - Update for Windows 2008 R2.
* KB2639308 - Allows Windows 7 and 2008 R2 applications to force executable images to use address space layout randomization (ASLR).

"The Usual Suspects": Updates to the ActiveX killbits, Malicious Software Removal Tool, and the Junk Email Filter.

Changed, but not significantly:

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

* KB931125 - Root certification update.
* KB947821 - System update readiness tool.

Changed, but not significantly: none.

About

Justin James is the Lead Architect for Conigent.
