Microsoft Security Bulletin(s) for December 11 2012

Microsoft Security Bulletin(s) for December 11 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms12-dec



Critical (5)

Microsoft Security Bulletin MS12-077
Cumulative Security Update for Internet Explorer (2761465)
http://technet.microsoft.com/en-us/security/bulletin/ms12-077

Microsoft Security Bulletin MS12-078
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
http://technet.microsoft.com/en-us/security/bulletin/ms12-078

Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
http://technet.microsoft.com/en-us/security/bulletin/ms12-079

Microsoft Security Bulletin MS12-080
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
http://technet.microsoft.com/en-us/security/bulletin/ms12-080

Microsoft Security Bulletin MS12-081
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
http://technet.microsoft.com/en-us/security/bulletin/ms12-081





Important (2)

Microsoft Security Bulletin MS12-082
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
http://technet.microsoft.com/en-us/security/bulletin/ms12-082

Microsoft Security Bulletin MS12-083
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
http://technet.microsoft.com/en-us/security/bulletin/ms12-083






Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About the December 2012 Security Bulletin Release

Event ID: 1032522564

Language(s): English.

Product(s): computer security and information security.

Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Starts: Wednesday, December 12, 2012 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)


Presented by:

Dustin Childs, Group Manager, Trustworthy Computing, Microsoft Corporation

and

Jonathan Ness, Principal Security Development Lead, Microsoft Corporation


Register now for the December security bulletin webcast.

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: December 11, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-043 - Critical
* MS12-050 - Important
* MS12-057 - Important
* MS12-059 - Important
* MS12-060 - Important
* MS12-JUL
* MS12-AUG


Bulletin Information:
=====================

* MS12-043 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-043
- Reason for Revision: V4.0 (December 11, 2012): Rereleased
bulletin to replace the KB2687324 update with the KB2687627
update for Microsoft XML Core Services 5.0 when installed on
Microsoft Office 2003 Service Pack 3, and to replace the
KB2596679 update with the KB2687497 update for Microsoft XML
Core Services 5.0 when installed with all affected editions
of Microsoft Groove 2007, Microsoft Groove Server 2007, and
Microsoft Office SharePoint Server 2007. See the update
FAQ for details.
- Originally posted: July 10, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Critical
- Version: 4.0

* MS12-050 - Important

- http://technet.microsoft.com/security/bulletin/MS12-050
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
this bulletin to announce availability of an update for
Microsoft Windows SharePoint Services 2.0. No other update
packages are affected by this rerelease.
- Originally posted: July 10, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-057 - Important

- http://technet.microsoft.com/security/bulletin/MS12-057
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
bulletin to replace the KB2553260 and KB2589322 updates
with the KB2687501 and KB2687510 updates respectively for
Microsoft Office 2010 Service Pack 1. See the update FAQ
for details.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-059 - Important

- http://technet.microsoft.com/security/bulletin/MS12-059
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
bulletin to replace the KB2597171 update with the
KB2687508 update for all affected editions of Microsoft
Visio 2010.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-060 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-060
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
bulletin to replace the KB2687323 update with the
KB2726929 update for Windows common controls on all
affected variants of Microsoft Office 2003, Microsoft
Office 2003 Web Components, and Microsoft SQL Server 2005.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-Jul

- http://technet.microsoft.com/security/bulletin/ms12-Jul
- Reason for Revision: V5.0 (December 11, 2012): For MS12-043,
replaced the KB2687324 update with the KB2687627 update for
Microsoft XML Core Services 5.0 when installed on Microsoft
Office 2003 Service Pack 3, and replaced the KB2596679 update
with the KB2687497 update for Microsoft XML Core Services 5.0
when installed with all affected editions of Microsoft Groove
2007, Microsoft Groove Server 2007, and Microsoft Office
SharePoint Server 2007. See the MS12-043 bulletin for details.
- Originally posted: July 10, 2012
- Updated: December 11, 2012
- Version: 5.0

* MS12-Aug

- http://technet.microsoft.com/security/bulletin/ms12-Aug
- Reason for Revision: V3.0 (December 11, 2012): For MS12-057,
replaced the KB2553260 and KB2589322 updates with the
KB2687501 and KB2687510 updates respectively for all affected
editions of Microsoft Office 2010. For MS12-059, replaced the
KB2597171 update with the KB2687508 update for all affected
editions of Microsoft Visio 2010. For MS12-060, replaced the
KB2687323 update with the KB2726929 update for Windows common
controls on all affected variants of Microsoft Office 2003,
Microsoft Office 2003 Web Components, and Microsoft SQL
Server 2005.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Version: 3.0

 

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2749655)
- Title: Compatibility Issues Affecting Signed Microsoft Binaries

http://technet.microsoft.com/security/advisory/274965
- Revision Note: V2.0 (December 11, 2012): Added the KB2687627
and KB2687497 updates described in MS12-043, the KB2687501 and
KB2687510 updates described in MS12-057, the KB2687508 update
described in MS12-059, and the KB2726929 update described in
MS12-060 to the list of available rereleases.

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer 10

http://technet.microsoft.com/security/advisory/2755801
- Revision Note: V5.0 (December 11, 2012): Added KB2785605 to
the Current update section.

 

: Microsoft Security Bulletin Re-Releases
Issued: December 20, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-078 - Critical
* MS12-dec


Bulletin Information:
=====================

* MS12-078 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-078
- Reason for Revision: V2.0 (December 20, 2012): Rereleased
update KB2753842 to resolve an issue with OpenType fonts not
properly rendering after the original update was installed.
Customers who have successfully installed the original KB2753842
update need to install the rereleased update.
- Originally posted: December 11, 2012
- Updated: December 20, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-dec

- http://technet.microsoft.com/security/bulletin/ms12-dec
- Reason for Revision: V2.0 (December 20, 2012): For MS12-078,
rereleased update KB2753842 to resolve an issue with OpenType
fonts not properly rendering after the original update was
installed. Customers who have successfully installed the
original KB2753842 update need to install the rereleased update.
- Originally posted: December 11, 2012
- Updated: December 20, 2012
- Version: 2.0

 

Microsoft Security Advisory (2794220)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Saturday, December 29, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/advisory/2794220