It's Microsoft Patch Tuesday: November 2012

Deb Shinder gathers the information you need to make the right deploy decision when applying Microsoft's November 2012 patches in your organization.

Once again, six is the magic number, as this month brings us the same number of security bulletins as October - but this time four of them are rated as critical, one as important, and one as moderate. All but one affect various versions of Microsoft Windows, one affects Office, one affects Internet Explorer and one affects .NET Framework. Windows Vista and Windows 7, along with Server 2008/2008 R2, are impacted by five of the bulletins. Windows 8 and Server 2012 are affected by only three, with Windows RT escaping all but two.

Five out of six of these bulletins address vulnerabilities that can allow remote code execution, so getting them patched as quickly as you can is vital. Annoyingly, all of the patches either may or definitely do require a restart.

This blog post is also available in PDF format as a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS12-071/KB2761451 - Cumulative Security Update for Internet Explorer (Internet Explorer 9 on Windows Vista SP2, Windows Server 2008 and 2008 R2, and Windows 7 - all 32 bit and 64 bit editions):

This critical update addresses three vulnerabilities in Internet Explorer 9 that would allow an attacker to gain the user rights of the currently logged on user. It impacts only version 9 of IE, which does not run on XP; thus XP is not affected. It also does not affect IE 8 on any operating system, and it does not affect IE 10, so Windows 8, Windows RT and Server 2012 are not affected, nor is the Server Core installation of Server 2008/2008 R2.

MS12-072/KB2727528 - Vulnerabilities in Windows Shell Could Allow Remote Code Execution (All supported versions of Windows except Server Core installations, Itanium-based Server 2008/2008 R2 installations, and Windows RT devices):

This critical update addresses two vulnerabilities in Windows that would allow an attacker to execute code remotely with the same rights as the currently logged on user. The exploit occurs only if the user browses to a maliciously crafted briefcase in Windows Explorer, as it relies on a vulnerability in the Briefcase feature.

MS12-074/KB2745030 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (All supported versions of Windows):

This critical update addresses five vulnerabilities that impact every client and server Microsoft OS from XP SP3 to Windows 8/Windows RT and Server 2012, and includes the Server Core installations. It affects all versions of the .NET Framework except 3.0 SP2 and 3.1 SP1. However, an attacker must convince the user to use a malicious proxy auto configuration file, which injects code into the currently running application and could allow execution of remote code.

MS12-075/KB2761226 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (All supported versions of Windows):

This is another critical update that addresses three vulnerabilities that can allow an attacker to remotely execute code. In this case, the exploit can be accomplished either by convincing the user to open a maliciously crafted document or by getting the user to visit a malicious website (for example, by providing a link in an email message). This is an easier exploit than the previous two because users are more likely to open docs or visit web sites than to open a briefcase or use a proxy file. Note that while the Server Core installation of Server 2008/2008 R2/2012 is affected, the impact is lower (elevation of privilege rather than remote code execution). Also note that if you're still running the Release Preview versions of Windows 8/Server 2012, these are affected as well.

MS12-076/KB2720184 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Microsoft Office 2003 SP3, 2007 SP2, 2010 SP1; Microsoft Office 2008 and 2011 for Mac, Excel Viewer, and Office Compatibility Pack SP2 and SP3):

This important update addresses four vulnerabilities in Microsoft Office/Excel by which an attacker could remotely execute code with the same rights as the current user by convincing the user to open a maliciously crafted Excel file. Note that the standalone versions of Excel are also affected. Note that Office/Excel 2013 and the Excel Web App are not affected. If you have a listed version of Office installed but did not install Excel, the update is not necessary but can be installed anyway.

MS12-073/KB2733829 - Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (Windows Vista and Windows 7, Windows Server 2008/2008 R2 SP1, including Itanium editions and Server Core installations):

This update, rated at moderate severity, addresses one vulnerability in IIS that could result in disclosure of information stored on the computer if an attacker sends a maliciously crafted FTP command to the FTP server running on IIS. Note that this does not affect Windows XP SP3 (x64 SP2), Vista/Server 2003/2008 with SP 2 installed, Windows 8/RT or Server 2012.

Other Updates/Releases

KB890830 - Update to Windows Malicious Software Removal Tool:

As always, Microsoft released updated definitions for the MSRT, including the Internet Explorer version. This is a high priority update that is classified as non-security, but keeping the tool up to date is an important factor in securing your systems.

KB2685811 - Update for Kernel-Mode Driver Framework version 1.11:

This non-security update to the kernel-mode driver framework is for Windows 7 and Windows Server 2008 R2. It's designed to resolve issues in both the 32 and 64 bit versions of Windows 7 and in Windows Server 2008 R2.

KB2685813 - Update for User-Mode Driver Framework version 1.11:

Similar to the foregoing patch, this is another non-security update for Windows 7 and Windows Server 2008 R2, this one aimed at the user-mode driver framework.

(optional; install if migrating to IPv6)

KB2750841 - Update for Windows 7 and Windows Server 2008 R2:

This is another non-security update aimed at "resolving issues," and applies to the 32 and 64 bit versions of Windows 7 and to Windows Server 2008 R2. It is designed to improve performance as you migrate from IPv4 to IPv6. (optional)

KB2761217 - Update for Windows 7 and Windows Server 2008 R2:

Yet another non-security update that is designed to resolve issues with Windows 7 and Windows Server 2008 R2. This one adds the Calibri Light fonts to Windows 7/Server 2008 R2.

KB2763523 - Update for Windows 7 and Windows Server 2008 R2:

It seems these two operating systems are having a lot of "issues" this month; this is the fourth update Microsoft is releasing to fix some of those. This one fixes a problem with no network connectivity if a DHCPv6 message with a duplicated DUID is sent.

KB2769034 - Update for Windows 8, Windows RT and Windows Server 2012:

Now that Microsoft's newest operating systems have been officially released, it's time for them to start addressing the inevitable bugs, and this is one in a group of four non-security patches being released this month for that purpose.

KB2769165 - Update for Windows 8, Windows RT, and Windows Server 2012:

Another non-security patch that you'll want to install if you're running one of the brand new Microsoft operating systems, to fix some of the issues in the final release. Microsoft considers this one to be of higher priority than the first two.

KB2770917 - Update for Windows 8, Windows RT and Windows Server 2012:

This is another "high priority" non-security update, designed to fix more problems with Windows 8, Windows RT and Server 2012.

KB2772501 - Update for Windows 8, Windows RT and Windows Server 2012:

This is the last of this month's high priority non-security updates that you should install on your new Windows 8 computer, RT-based tablet or Server 2012 machine.

Updates since the last Patch Tuesday

Microsoft has released a number of non-security updates since October Patch Tuesday, some of which you should install to resolve issues in Windows and some of which are optional, for specific usage scenarios.

KB2758994 - Update for Internet Explorer Flash Player for Windows RT:

Addresses a vulnerability that could allow an attacker to exploit the IE Flash Player on a Windows RT device to take control, as described in Microsoft Security Advisory 2755801.


KB2607607 - Language Packs for Windows RT, Windows 8 and Windows Server 2012:

Microsoft released language packs for the following languages for Windows RT: Korean, Japanese, English, Italian, Chinese, Russian, Dutch, Spanish, German, Hebrew, Chinese Simplified, French, Arabic and Brazilian Portuguese. Microsoft also released a very large number of language packs for Windows 8 and Windows Server 2012.

KB2574819 - Update adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1:

This update adds support for the Datagram Transport Layer Security protocol, which helps reduce protocol overhead on slow networks for certain applications.

KB2592687 - Remote Desktop Protocol 8.0 Update for Windows 7 SP1 and Windows Server 2008 R2 SP1:

This update introduces new features for the RDP client, including dynamic in-session USB redirection, reconnect for RemoteApp and Desktop connections, improved SSO with Remote Desktop Web Access, support for nested sessions, and RemoteFX improvements.

KB2770816 - Windows Update stops at 13% in Windows 8 or Windows Server 2012:

This update addresses a problem encountered by some users who installed a driver with a large .inf file and then tried to install the Windows 8 Client and Windows Server 2012 General Availability Cumulative Update, resulting in Windows Update stopping at the 13% mark, then restarting automatically and giving an error message.