This month sees a trio of remote code execution attacks in Office products, which is never good, and another big-time vulnerability in XAML Browser Application (XBAP) handling. At least the nonsecurity patches are at a bare minimum this time around!
Security PatchesMS12-029/KB2680352 - Critical (Office 2007)/Important (Office 2003, Office 2008 for Mac, Office 2011 for Mac, Office Compatibility Pack): Parsing issues with RTF files can lead to remote code execution attacks against Word users, granting the attacker the privileges of the user who opened the file. You will want to plug this hole immediately. MS12-030/KB2663830 - Important (Office 2003, Office 2007, Office 2010, Office 2008 for Mac, Office 2011 for Mac, Office Compatibility Pack, Excel Viewer): Another remote code execution attack that occurs when opening files, this time in Excel. Even though Microsoft rates the severity as "important," the overall exposure justifies installing the patch as soon as you can. MS12-031/KB2597981 - Important (Visio Viewer 2010): Visio also has a remote code execution vulnerability when opening files. It makes me wonder if it is all the same common piece of code? Again, get Visio patched quickly, since those files are not too uncommon. MS12-032/KB2688338 - Important (Vista, W7, 2008, 2008 R2): Locally logged-on users can run an application to exploit issues with the TCP/IP stack and get higher rights. Because the user must already be logged on and able to run applications, the patch can wait until your normal patch cycle. MS12-033/KB2690533 - Important (Vista, W7, 2008, 2008 R2): The Windows Partition Manager also has an escalation of privileges vulnerability, exploitable by a locally logged-on user running code. Again, this one can wait until you are scheduled to install patches. MS12-034/KB2681578 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2, Silverlight 4 for Mac and Windows, Silverlight 5 for Mac and Windows): A whopping TEN vulnerabilities -- three already public -- are solved with this patch. Some are remote code execution attacks that can be exploited by visiting a Web site. It is hard to overstress how important it is to install this patch. MS12-035/KB2693777 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): XAML Browser Applications (XBAPs) are getting hit again this month with remote code executions that can be exploited through a Web site. Patch immediately, and seriously consider disabling XBAPs if you have not done so already.
Other UpdatesKB931125 - Root certification update.
Changed, but not significantly: none.
Updates since the last Patch Tuesday
There were no security updates released out-of-band.
Minor items added or updated since the last Patch Tuesday:
Changed, but not significantly: None.
Justin James is the Lead Architect for Conigent.