Microsoft Security Bulletin for January 10 2012

Discussion in 'other security issues & news' started by NICK ADSL UK, Jan 10, 2012.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK
    Offline

    NICK ADSL UK Administrator

    Microsoft Security Bulletin for January 10 2012

    Microsoft Security Bulletin Summary for January 13 2012
    Published: January 10 2011


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

    Critical (1)


    Microsoft Security Bulletin MS12-004 - Critical

    Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

    Published: Tuesday, January 10, 2012
    http://technet.microsoft.com/en-us/security/bulletin/ms12-004


    Important (6)


    Microsoft Security Bulletin MS12-001 - Important

    Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

    Published: Tuesday, January 10, 2012
    http://technet.microsoft.com/en-us/security/bulletin/ms12-001



    Microsoft Security Bulletin MS12-002 - Important

    Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)

    Published: Tuesday, January 10, 2012
    http://technet.microsoft.com/en-us/security/bulletin/ms12-002


    Microsoft Security Bulletin MS12-003 - Important

    Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-003



    Microsoft Security Bulletin MS12-005 - Important

    Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)

    Published: Tuesday, January 10, 2012
    http://technet.microsoft.com/en-us/security/bulletin/ms12-005



    Microsoft Security Bulletin MS12-006 - Important

    Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

    Published: Tuesday, January 10, 2012
    http://technet.microsoft.com/en-us/security/bulletin/ms12-006



    Microsoft Security Bulletin MS12-007 - Important

    Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

    Published: Tuesday, January 10, 2012
    http://technet.microsoft.com/en-us/security/bulletin/ms12-007

    Moderate (0)




    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
  2. NICK ADSL UK
    Offline

    NICK ADSL UK Administrator

    TechNet Webcast: Information about Microsoft Security Bulletins for January (Level 200)

    Event ID: 1032499498

    Language(s): English.


    Product(s): computer security and information security.
    Audience(s): IT Decision Maker and IT Generalist.


    Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

    Starts: Wednesday, January 11, 2012 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration: 1 hour(s)



    Presented By:


    Pete Voss, Senior Response Communications Manager, Trustworthy Computing


    Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation



    Register now for the January security bulletin webcast.
  3. NICK ADSL UK
    Offline

    NICK ADSL UK Administrator

    Microsoft Security Bulletin MS11-099 - Important
    Cumulative Security Update for Internet Explorer (2618444)

    Published: Tuesday, December 13, 2011 | Updated: Tuesday, January 10, 2012

    Reason for Revision: V1.2 (January 10, 2012): Announced that
    this update, MS11-099, enables the protections provided in the
    Vulnerability in SSL/TLS Could Allow Information Disclosure
    update, MS12-006, for Internet Explorer. For more information,
    see the Update FAQ.
    - Originally posted: December 13, 2011
    - Updated: January 10, 2012
    - Bulletin Severity Rating: Important
    - Version: 1.2
    http://technet.microsoft.com/en-us/security/bulletin/ms11-099
  4. NICK ADSL UK
    Offline

    NICK ADSL UK Administrator

    MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012

    Known issues with this security update

    After you install this security update, you may experience authentication failure or loss of connectivity to some HTTPS servers.
    This issue occurs because this security update changes the way that records are sent to HTTPS server.
    http://support.microsoft.com/kb/2643584
  5. NICK ADSL UK
    Offline

    NICK ADSL UK Administrator

    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS12-007 - Important
    * MS12-JAN

    Bulletin Information:
    =====================

    * MS12-007 - Important

    - http://technet.microsoft.com/security/bulletin/ms12-007
    - Reason for Revision: V2.0 (January 11, 2012): Announced that
    the original upgrade package, AntiXSS Library version 4.2, has
    been replaced with AntiXSS Library version 4.2.1. All users of
    the AntiXSS Library will need to upgrade to AntiXSS Library
    version 4.2.1 to help ensure they are protected from the
    vulnerability described in this bulletin. See the update FAQ
    for more information.
    - Originally posted: January 10, 2012
    - Updated: January 11, 2012
    - Bulletin Severity Rating: Important
    - Version: 2.0

    * MS12-JAN

    - http://technet.microsoft.com/security/bulletin/ms12-JAN
    - Reason for Revision: V2.0 (January 11, 2012): For MS12-003,
    corrected exploitability assessment for latest software
    release in the Exploitability Index for CVE-2012-0005. For
    MS12-007, revised to announce bulletin rereleased.
    See the MS12-007 bulletin for more information.
    - Originally posted: January 10, 2012
    - Updated: January 11, 2012
    - Version: 2.0

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS12-004 - Critical

    Bulletin Information:
    =====================

    * MS12-004 - Critical


    http://technet.microsoft.com/security/bulletin/MS12-004
    - Reason for Revision: V1.1 (January 11, 2012): Clarified the FAQ
    entries for CVE-2012-0003 that address the scope of the
    vulnerability and how an attacker could exploit
    the vulnerability. These are informational changes only. There
    were no changes to the security update files or detection logic.
    - Originally posted: January 10, 2012
    - Updated: January 11, 2012
    - Bulletin Severity Rating: Critical
    - Version: 1.1
  6. NICK ADSL UK
    Offline

    NICK ADSL UK Administrator

    Microsoft Security Bulletin Minor Revisions - Jan. 18, 2012
    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS11-049 - Important
    * MS11-JUN
    * MS12-006 - Important

    Bulletin Information:
    =====================

    * MS11-049 - Important


    http://technet.microsoft.com/security/bulletin/MS11-049
    - Reason for Revision: V2.2 (January 18, 2012): Added a note
    to the Affected and Non-Affected Software section to clarify
    that this update also applies to 32-bit and x64-based
    SQL Server 2008 and SQL Server 2008 R2 Express and
    Express Advanced Editions.
    - Originally posted: June 14, 2011
    - Updated: January 18, 2012
    - Bulletin Severity Rating: Important
    - Version: 2.2

    * MS11-JUN
    http://technet.microsoft.com/security/bulletin/MS11-JUN

    Reason for Revision: V3.1 (January 18, 2012): For MS11-049,
    added a note to the Affected Software and Download Locations
    section to clarify that this update also applies to 32-bit and
    x64-based SQL Server 2008 and SQL Server 2008 R2 Express and
    Express Advanced Editions.
    - Originally posted: June 14, 2011
    - Updated: January 18, 2012
    - Version: 3.1

    * MS12-006 - Important

    http://technet.microsoft.com/security/bulletin/MS12-006
    Reason for Revision: V1.1 (January 18, 2012): Added MS10-085 as
    a bulletin replaced by the KB2585542 update for Windows 7 for
    32-bit Systems, Windows 7 for x64-based Systems,
    Windows Server 2008 R2 for x64-based Systems, and
    Windows Server 2008 R2 for Itanium-based Systems.
    This is an informational change only. There were no changes to
    the detection logic or the update files.
    - Originally posted: January 10, 2012
    - Updated: January 18, 2012
    - Bulletin Severity Rating: Important
    - Version: 1.1
Thread Status:
Not open for further replies.