Patch Critical Windows 8 RTM Security Vulnerabilities

Last Updated on Tuesday, 13 November 2012 12:53 Written by admin Tuesday, 13 November 2012 12:53

Windows 8 is no exception to Microsoft’s monthly patch cycle. In fact, the Redmond company has just released a number of updates designed to patch Critical security vulnerabilities impacting the latest iteration of Windows.

MS12-072 resolves two severe issues in Windows Shell. Attackers able to exploit these vulnerabilities could execute code remotely and completely take over affected machines. Only the 32-bit and the 64-bit versions of Windows 8 RTM are impacted.

MS12-075 resolves three security holes in Windows kernel-mode drivers, also rated Critical and also allowing remote code execution in the event of a successful exploit. In addition to the 32-bit and 64-bit releases of Windows 8, Windows RT is also impacted.



Internet Explorer 9 v. 9.0.4 (IE 9.0.4) Released

Last Updated on Tuesday, 13 December 2011 01:45 Written by Mire_B Tuesday, 13 December 2011 01:45

Make sure to update Internet Explorer 9 to version 9.0.4, the latest release provided by Microsoft. This is a patch collection designed to resolve a number of security vulnerabilities, and as such, it’s a mandatory install.

 

The December 2011 Cumulative Security Update for Internet Explorer is now available via Windows Update. This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user visits a specially crafted Web page using Internet Explorer. An attacker who successfully exploited this vulnerability could run a malicious application on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

This security update is rated Important for Internet Explorer on Windows clients and Internet Explorer 9 for Windows 2008 R2; and Low for Internet Explorer on Windows servers. For more information, see the full bulletin.

Most customers have enabled automatic updating and do not need to take any action. We recommend that customers, who have not enabled automatic updating, enable it (Start Menu, type “Windows Update”). We recommend that administrators, enterprise installations, and end users who want to install this security update manually, apply the update immediately using update management software or by checking for updates using the Microsoft Update service.

Ceri Gallacher, Program Manager, Internet Explorer

 



December 2011 Microsoft Security Patches Fix 19 Vulnerabilities

Last Updated on Tuesday, 13 December 2011 01:43 Written by Mire_B Tuesday, 13 December 2011 01:43

There can be no better course of action than to deploy the December 2011 security bulletins from Microsoft as fast as possible. A total of 13 patch packages were released, three of which are rated Critical. All in all, they patch no fewer than 19 vulnerabilities.

Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing first on these critical updates:

  • MS11-092 – Windows Media: Vulnerability In Windows Media Could Allow Remote Code Execution
  • MS11-087 – Windows: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Why 13 bulletins and not 14, as we stated in the ANS announcement on Thursday? After that announcement, we discovered an apps-compatibility issue between one bulletin-candidate and a major third-party vendor. We’re currently working with that vendor to address the issue on their platform, after which we’ll issue the bulletin as appropriate. As ever, we’d much rather withdraw a potential bulletin than ship something that might inconvenience customers, however limited that inconvenience in scope. The issue addressed in that bulletin, which we have been monitoring and against which we have seen no active attacks in the wild, was discussed in Security Advisory 2588513.

In the video below, Jerry Bryant discusses this month’s bulletins in further detail.

As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning.

Deployment Priority

Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index.

Exploitability Index

You can find more information about this month’s security updates on the Microsoft Security Bulletin Summary web page.

Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Jerry Bryant and Jonathan Ness. I invite you to tune in and learn more about the December security bulletins, as well as other announcements made today. The webcast is scheduled for Wednesday, December 14, 2011 at 11 A.M. PST. Click here to register.

Thanks, Angela Gunn, Trustworthy Computing.

