
It's Microsoft Patch Tuesday: November 2012

Deb Shinder gathers the information you need to make the right deploy decision when applying Microsoft's November 2012 patches in your organization.

Once again, six is the magic number, as this month brings us the same number of security bulletins as October - but this time four of them are rated as critical, one as important, and one as moderate. All but one affect various versions of Microsoft Windows, one affects Office, one affects Internet Explorer and one affects .NET Framework. Windows Vista and Windows 7, along with Server 2008/2008 R2, are impacted by five of the bulletins. Windows 8 and Server 2012 are affected by only three, with Windows RT escaping all but two.

Five out of six of these bulletins address vulnerabilities that can allow remote code execution, so getting them patched as quickly as you can is vital. Annoyingly, all of the patches either may or definitely do require a restart.

This blog post is also available in PDF format in a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-071/KB2761451 - Cumulative Security Update for Internet Explorer (Internet Explorer 9 on Windows Vista SP2, Windows Server 2008 and 2008 R2, and Windows 7 - all 32-bit and 64-bit editions): This critical update addresses three vulnerabilities in Internet Explorer 9 that would allow an attacker to gain the user rights of the currently logged on user. It impacts only version 9 of IE, which does not run on XP; thus XP is not affected. It also does not affect IE 8 on any operating system, and it does not affect IE 10, so Windows 8, Windows RT and Server 2012 are not affected, nor is the Server Core installation of Server 2008/2008 R2.

MS12-072/KB2727528 - Vulnerabilities in Windows Shell Could Allow Remote Code Execution (All supported versions of Windows except Server Core installations, Itanium-based Server 2008/2008 R2 installations, and Windows RT devices): This critical update addresses two vulnerabilities in Windows that would allow an attacker to execute code remotely with the same rights as the currently logged on user. The exploit occurs only if the user browses to a maliciously crafted briefcase in Windows Explorer, as it relies on a vulnerability in the Briefcase feature.

MS12-074/KB2745030 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (All supported versions of Windows): This critical update addresses five vulnerabilities that impact every client and server Microsoft OS from XP SP3 to Windows 8/Windows RT and Server 2012, and includes the Server Core installations. It affects all versions of the .NET Framework except 3.0 SP2 and 3.1 SP1. However, an attacker must convince the user to use a malicious proxy auto configuration file, which injects code into the currently running application and could allow execution of remote code.

MS12-075/KB2761226 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (All supported versions of Windows): This is another critical update that addresses three vulnerabilities that can allow an attacker to remotely execute code. In this case, the exploit can be accomplished either by convincing the user to open a maliciously crafted document or by getting the user to visit a malicious website (for example, by providing a link in an email message). This is an easier exploit than the previous two because users are more likely to open docs or visit web sites than to open a briefcase or use a proxy file. Note that while the Server Core installation of Server 2008/2008 R2/2012 is affected, the impact is lower (elevation of privilege rather than remote code execution). Also note that if you're still running the Release Preview versions of Windows 8/Server 2012, these are affected as well.

MS12-076/KB2720184 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Microsoft Office 2003 SP3, 2007 SP2, 2010 SP1; Microsoft Office 2008 and 2011 for Mac, Excel Viewer, and Office Compatibility Pack SP2 and SP3): This important update addresses four vulnerabilities in Microsoft Office/Excel by which an attacker could remotely execute code with the same rights as the current user by convincing the user to open a maliciously crafted Excel file. Note that the standalone versions of Excel are also affected. Note that Office/Excel 2013 and the Excel Web App are not affected. If you have a listed version of Office installed but did not install Excel, the update is not necessary but can be installed anyway.

MS12-073/KB2733829 - Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (Windows Vista and Windows 7, Windows Server 2008/2008 R2 SP1, including Itanium editions and Server Core installations): This update, rated at moderate severity, addresses one vulnerability in IIS that could result in disclosure of information stored on the computer if an attacker sends a maliciously crafted FTP command to the FTP server running on IIS. Note that this does not affect Windows XP SP3 (x64 SP2), Vista/Server 2003/2008 with SP2 installed, Windows 8/RT or Server 2012.

Other Updates/Releases

KB890830 - Update to Windows Malicious Software Removal Tool: As always, Microsoft released updated definitions for the MSRT, including the Internet Explorer version. This is a high priority update that is classified as non-security, but keeping the tool up to date is an important factor in securing your systems.

KB2685811 - Update for Kernel-Mode Driver Framework version 1.11: This non-security update to the kernel-mode driver framework is for Windows 7 and Windows Server 2008 R2. It's designed to resolve issues in both the 32 and 64 bit versions of Windows 7 and in Windows Server 2008 R2.

KB2685813 - Update for User-Mode Driver Framework version 1.11: Similar to the foregoing patch, this is another non-security update for Windows 7 and Windows Server 2008 R2, this one aimed at the user-mode driver framework.

(optional; install if migrating to IPv6)

KB2750841 - Update for Windows 7 and Windows Server 2008 R2: This is another non-security update aimed at "resolving issues," and applies to the 32 and 64 bit versions of Windows 7 and to Windows Server 2008 R2. It is designed to improve performance as you migrate from IPv4 to IPv6.

(optional)

KB2761217 - Update for Windows 7 and Windows Server 2008 R2: Yet another non-security update that is designed to resolve issues with Windows 7 and Windows Server 2008 R2. This one adds the Calibri Light fonts to Windows 7/Server 2008 R2.

KB2763523 - Update for Windows 7 and Windows Server 2008 R2: It seems these two operating systems are having a lot of "issues" this month; this is the fourth update Microsoft is releasing to fix some of those. This one fixes a problem with no network connectivity if a DHCPv6 message with a duplicated DUID is sent.

KB2769034 - Update for Windows 8, Windows RT and Windows Server 2012: Now that Microsoft's newest operating systems have been officially released, it's time for them to start addressing the inevitable bugs, and this is one in a group of four non-security patches being released this month for that purpose.

KB2769165 - Update for Windows 8, Windows RT, and Windows Server 2012: Another non-security patch that you'll want to install if you're running one of the brand new Microsoft operating systems, to fix some of the issues in the final release. Microsoft considers this one to be of higher priority than the first two.

KB2770917 - Update for Windows 8, Windows RT and Windows Server 2012: This is another "high priority" non-security update, designed to fix more problems with Windows 8, Windows RT and Server 2012.

KB2772501 - Update for Windows 8, Windows RT and Windows Server 2012: This is the last of this month's high priority non-security updates that you should install on your new Windows 8 computer, RT-based tablet or Server 2012 machine.

Updates since the last Patch Tuesday

Microsoft has released a number of non-security updates since October Patch Tuesday, some of which you should install to resolve issues in Windows and some of which are optional, for specific usage scenarios.

KB2758994 - Update for Internet Explorer Flash Player for Windows RT: Addresses a vulnerability that could allow an attacker to exploit the IE Flash Player on a Windows RT device to take control, as described in Microsoft Security Advisory 2755801.

(optional)

KB2607607 - Language Packs for Windows RT, Windows 8 and Windows Server 2012: Microsoft released language packs for the following languages for Windows RT: Korean, Japanese, English, Italian, Chinese, Russian, Dutch, Spanish, German, Hebrew, Chinese Simplified, French, Arabic and Brazilian Portuguese. Microsoft also released a very large number of language packs for Windows 8 and Windows Server 2012.

KB2574819 - Update adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1: This update adds support for the Datagram Transport Layer Security protocol, which helps reduce protocol overhead on slow networks for certain applications.

KB2592687 - Remote Desktop Protocol 8.0 Update for Windows 7 SP1 and Windows Server 2008 R2 SP1: This update introduces new features for the RDP client, including dynamic in-session USB redirection, reconnect for RemoteApp and Desktop connections, improved SSO with Remote Desktop Web Access, support for nested sessions, and RemoteFX improvements.

KB2770816 - Windows Update stops at 13% in Windows 8 or Windows Server 2013: This update addresses a problem encountered by some users who installed a driver with a large .inf file and then tried to install the Windows 8 Client and Windows Server 2012 General Availability Cumulative Update, resulting in Windows Update stopping at the 13% mark and then restarting automatically and giving an error message.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

16 comments
barrneywillson01

I am not able to start up my Windows 8; every time I try, it shows a blur screen with some unknown error codes.

HELP ME PLZ........

Global Email Support

Hey, I am having trouble with my Windows 8 0x80246002 update. Anybody here to help???


Slayer_

Didn't break any legacy apps and didn't have trouble installing.

fo128

Win 7 Professional x86. KB2685813 was listed in the recommended updates but after the restart the actual installed hotfix was listed as KB2685811. Cannot report any problems with the computer so far, it actually appears to run much faster (for now). What made me scratch my head (and at the same time I thought was strange) is the fact that there is no manual download available at any of the MS sites for these two - appearing to be related - updates. I have a Win 7 Ultimate x64 at home and wanted to manually download the updates on a USB here at the office, but couldn't get to a download link / site. EDIT: Sink head in shame. As it often happens in life, as soon as one presses the "post" or "send" button, the obvious (correct) solution appears out of thin air. I managed to download both files via the Windows Update Catalog. However, the KB number swap after the install / restart is still mind-boggling.

Rian Visser

Unfortunately there is not much that can be done about the KB2770917 error. Microsoft has not yet replied or responded to any requests and hopefully are working on a solution. The problem appears to be with AMD machines. Just hide the update (as it is not security related) and wait until Microsoft release a compatible and working update. Deactivating 3rd party applications may not work for everyone. Be careful when doing this.

randy.c

Installed 7 updates for Nov. 2012 patches on Windows 2003 Server, now there are errors in the Application Log every few seconds: The description for Event ID ( 0 ) in Source ( ODBC ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Error in d:\nt\enduser\databaseaccess\src\mdac\odbc\core\dm\perf.c(884), The system cannot find the file specified. : Failed to open file mapping. Database access is OK, but the messages are annoying. The server has the latest MDAC 2.8 SP2 on Windows Server 2003 SP2.

deb

Some readers are reporting problems installing cumulative update 2770917. Some have reported that they've been able to install the update after disabling their antivirus program. I will post here when an official solution is announced.

bryanjam

Until now I've been very impressed with Windows 8 - having graduated all the way from Windows '98 (with a Mac in-between). It's faster (7 took a minute or so to get online, with 8 it's instant) and seems to offer more. But this bungled update is very disappointing and likely to put people off: http://www.myce.com/news/users-report-problems-with-important-windows-8-update-64819/ Leaving many of us with what Microsoft calls a 'vulnerable' operating system. Hopefully they will fix it soon and do further testing before releasing the next shock to our systems.

robertr

I was two months behind on WIN7 (A lot further on my XP but I am out of ROOM on HD for that laptop), installed 34 updates and all appears to be working fine. I just brought up a client's WIN8 machine, I worry about it after reading previous post.

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

deb

I've heard from several readers who finally were able to get 2770917 installed by first disabling all background processes.

mbmckeever

Since the November Patch Tuesday, my Terminal Services users on my Server 2003 servers have had to add commonly accessed websites to access/open PDF documents, open web email, etc. I am using IE 7 on these servers. Which patch is doing this and how do I fix it? Currently I am adding the websites to the Trusted Sites list, but this is tedious and hit and miss since I need to do it for each user individually and no two users seem to access the same sites....GRR! ARGH!

bryanjam

I can't believe I've wasted almost a full day on trying to complete yesterday's (Nov 11) Windows 8 patches and I can see from a search for a solution that I am not the only one. It's not much more than a week since I upgraded to Windows 8 with a clean install on Drive C. The problem started when I selected all the patches offered, only to get failure, failure, failure. I then tried one at a time, which eventually worked - with a number of disk errors reported during the process - except for KB2770917, despite several attempts. I then downloaded the package (8 stand-alone files) and laboriously installed all of them, each requiring a restart, saving KB2770917 for last, which failed again. What is going on? It feels like Microsoft has just thrown a bunch of fix-its at us rather than have released them in sequence. I certainly didn't expect a problem like this so early for a new operating system and I have had to give up on it for now rather than waste another day. Currently it is asking me to again install the uninstallable KB2770917. Any ideas - when I have time to try again? And how much of a risk is it to ignore?

JCitizen

although you never know with .NET it seems. :p
