Friday, September 21, 2012

Microsoft MS12-063 – Critical Cumulative Security Update for Internet Explorer


Microsoft released MS12-063, a cumulative update for Internet Explorer addressing Security Advisory 2757760 as well as four other critical-class remote code execution issues.  The update requires a restart.
    The Bulletin addresses the following issues from the Common Vulnerabilities and Exposures (CVE) list:
    Internet Explorer 10 on Windows 8 and Windows Server 2012 is not affected.  All other versions of Internet Explorer are affected.

    Support

    The following additional information is provided in the Security Bulletin:






    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Wednesday, September 19, 2012

    Out of Band Internet Explorer Security Update

    Security Bulletin
    On Friday, September 21, 2012, Microsoft will release MS12-063, a cumulative update for Internet Explorer addressing Security Advisory 2757760 as well as four other critical-class remote code execution issues.  The update will require a restart.

    Microsoft Fix it

    In addition, a Microsoft Fix it solution is available now for applying ahead of the update to protect your computer.

    Enable:   Microsoft Fix it 50939
    Disable:  Microsoft Fix it 50938

    (HT:  ky331)








    Tuesday, September 18, 2012

    Microsoft Security Advisory 2757760

    Security Advisory
    Microsoft released Security Advisory 2757760 to address an issue that affects all versions of Internet Explorer except IE10.

    Current exploits of this vulnerability occur with Internet Explorer using third-party software, most particularly Oracle’s Java, when visiting a website hosting malicious code.

    Update:  It was reported at the MSRC Blog that a Microsoft Fix it solution will be issued within the next few days.  In the interim, it was also stated that this vulnerability is currently not widespread.  See the update at Additional information about Internet Explorer and Security Advisory 2757760.

    Recommendations:

    Uninstall Java -- Most home computer users no longer need Java.  Following are reasons why someone may need Oracle Sun Java installed on their computer:

    • Playing on-line games generally requires Java.
    • With OpenOffice, Java is needed for the items listed here.
    • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
    • There may be commercial programs that depend on Java. If Java is needed for software installed on your computer, there should be a prompt for it.
    If you need Java, be sure you have uninstalled all old, vulnerable versions and have only the most recent release installed on your computer.

    Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations such as DEP to configured applications.

    The simple steps needed to add iexplore.exe to EMET and other actions are provided in the "Suggested Actions" section of the Security Advisory.  When checking EMET, I was pleased to see that I had already added iexplore.exe. 







    Tuesday, September 11, 2012

    Microsoft Security Bulletin Release for September 2012


    Microsoft released two (2) bulletins, both of which are rated Important.  The bulletins are related to Elevation of Privilege, although neither is known to be under active exploit in the wild.

    The bulletins address twenty-six vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office.  Although they do not require a restart, it is advised to restart the computer after installing the updates.
    • MS12-061 (Visual Studio Team Foundation Server) This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. This bulletin is rated Important for Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1.
    • MS12-062 (System Center Configuration Manager) This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The bulletin is rated Important for Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.


    Support

    The following additional information is provided in the Security Bulletin:








    Thursday, September 06, 2012

    Security Bulletin Advance Notice for September 2012

    Security Bulletin
    On Tuesday, September 11, 2012, Microsoft is planning to release two (2) bulletins, both of which are rated Important.  The bulletins are related to Elevation of Privilege.  Although they do not require a restart, it is advised to restart the computer after installing the updates.


    ==================================
    NEW BULLETIN SUMMARY
    ==================================
    Bulletin ID: Bulletin 1
    Maximum Severity Rating: Important
    Vulnerability Impact: Elevation of Privilege
    Restart Requirement: No restart required
    Affected Software: Microsoft Visual Studio Team Foundation Server 2010
    ----------------------------
    Bulletin ID: Bulletin 2
    Maximum Severity Rating: Important
    Vulnerability Impact: Elevation of Privilege
    Restart Requirement: No restart required
    Affected Software: Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007.
    ----------------------------


    As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

    IT Administrators are advised to pay particular attention to the information in the MSRC Blog regarding Security Advisory 2661254 (Update For Minimum Certificate Key Length).



