Patch Critical Windows 8 RTM Security Vulnerabilities
Last Updated on Tuesday, 13 November 2012 12:53 Written by admin Tuesday, 13 November 2012 12:53
Windows 8 is certainly no exception to Microsoft’s monthly patch cycle. In fact, the Redmond company just released a number of updates designed to patch Critical security vulnerabilities impacting the latest iteration of Windows.
MS12-072 resolves two severe issues in Windows Shell. Attackers able to exploit these vulnerabilities could execute code remotely and completely take over affected machines. Only the 32-bit and the 64-bit versions of Windows 8 RTM are impacted.
MS12-075 resolves three security holes in Windows kernel-mode drivers, also rated Critical and also allowing remote code execution in the event of a successful exploit. In addition to the 32-bit and 64-bit releases of Windows 8, Windows RT is also impacted.
Internet Explorer 9 v. 9.0.4 (IE 9.0.4) Released
Last Updated on Tuesday, 13 December 2011 01:45 Written by Mire_B Tuesday, 13 December 2011 01:45
Make sure to update Internet Explorer 9 to version 9.0.4, the latest release provided by Microsoft. This is a patch collection designed to resolve a number of security vulnerabilities, and as such, it’s a mandatory install.
The December 2011 Cumulative Security Update for Internet Explorer is now available via Windows Update. This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user visits a specially crafted Web page using Internet Explorer. An attacker who successfully exploited this vulnerability could run a malicious application on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
This security update is rated Important for Internet Explorer on Windows clients and Internet Explorer 9 for Windows 2008 R2; and Low for Internet Explorer on Windows servers. For more information, see the full bulletin.
Most customers have enabled automatic updating and do not need to take any action. We recommend that customers who have not enabled automatic updating enable it (Start Menu, type “Windows Update”). We recommend that administrators, enterprise installations, and end users who want to install this security update manually apply the update immediately using update management software or by checking for updates using the Microsoft Update service.
—Ceri Gallacher, Program Manager, Internet Explorer
December 2011 Microsoft Security Patches Fix 19 Vulnerabilities
Last Updated on Tuesday, 13 December 2011 01:43 Written by Mire_B Tuesday, 13 December 2011 01:43
There can be no better course of action than to deploy the December 2011 security bulletins from Microsoft as fast as possible. A total of 13 patch packages were released, three of which are rated Critical in severity. All in all, they patch no fewer than 19 vulnerabilities.
Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing first on these critical updates:
- MS11-092 – Windows Media: Vulnerability In Windows Media Could Allow Remote Code Execution
- MS11-087 – Windows: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
Why 13 bulletins and not 14, as we stated in the ANS announcement on Thursday? After that announcement, we discovered an apps-compatibility issue between one bulletin-candidate and a major third-party vendor. We’re currently working with that vendor to address the issue on their platform, after which we’ll issue the bulletin as appropriate. As ever, we’d much rather withdraw a potential bulletin than ship something that might inconvenience customers, however limited that inconvenience in scope. The issue addressed in that bulletin, which we have been monitoring and against which we have seen no active attacks in the wild, was discussed in Security Advisory 2588513.
In the video below, Jerry Bryant discusses this month’s bulletins in further detail.
As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning.
Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index.
You can find more information about this month’s security updates on the Microsoft Security Bulletin Summary web page.
Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Jerry Bryant and Jonathan Ness. I invite you to tune in and learn more about the December security bulletins, as well as other announcements made today. The webcast is scheduled for Wednesday, December 14, 2011 at 11 A.M. PST. Click here to register.
Thanks, Angela Gunn, Trustworthy Computing