Microsoft Security Bulletin for January 10 2012

Microsoft Security Bulletin for January 10 2012

Microsoft Security Bulletin Summary for January 13 2012
Published: January 10 2011

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

Critical (1)


Microsoft Security Bulletin MS12-004 - Critical

Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-004


Important (6)


Microsoft Security Bulletin MS12-001 - Important

Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-001



Microsoft Security Bulletin MS12-002 - Important

Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-002


Microsoft Security Bulletin MS12-003 - Important

Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
http://technet.microsoft.com/en-us/security/bulletin/ms12-003



Microsoft Security Bulletin MS12-005 - Important

Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-005



Microsoft Security Bulletin MS12-006 - Important

Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-006



Microsoft Security Bulletin MS12-007 - Important

Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Published: Tuesday, January 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-007

Moderate (0)




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information about Microsoft Security Bulletins for January (Level 200)

Event ID: 1032499498

Language(s): English.


Product(s): computer security and information security.
Audience(s): IT Decision Maker and IT Generalist.


Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Starts: Wednesday, January 11, 2012 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)



Presented By:


Pete Voss, Senior Response Communications Manager, Trustworthy Computing


Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation



Register now for the January security bulletin webcast.

 

Microsoft Security Bulletin MS11-099 - Important
Cumulative Security Update for Internet Explorer (2618444)

Published: Tuesday, December 13, 2011 | Updated: Tuesday, January 10, 2012

Reason for Revision: V1.2 (January 10, 2012): Announced that
this update, MS11-099, enables the protections provided in the
Vulnerability in SSL/TLS Could Allow Information Disclosure
update, MS12-006, for Internet Explorer. For more information,
see the Update FAQ.
- Originally posted: December 13, 2011
- Updated: January 10, 2012
- Bulletin Severity Rating: Important
- Version: 1.2
http://technet.microsoft.com/en-us/security/bulletin/ms11-099

 

MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012

Known issues with this security update

After you install this security update, you may experience authentication failure or loss of connectivity to some HTTPS servers.
This issue occurs because this security update changes the way that records are sent to HTTPS server.
http://support.microsoft.com/kb/2643584

 

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-007 - Important
* MS12-JAN

Bulletin Information:
=====================

* MS12-007 - Important

- http://technet.microsoft.com/security/bulletin/ms12-007
- Reason for Revision: V2.0 (January 11, 2012): Announced that
the original upgrade package, AntiXSS Library version 4.2, has
been replaced with AntiXSS Library version 4.2.1. All users of
the AntiXSS Library will need to upgrade to AntiXSS Library
version 4.2.1 to help ensure they are protected from the
vulnerability described in this bulletin. See the update FAQ
for more information.
- Originally posted: January 10, 2012
- Updated: January 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-JAN

- http://technet.microsoft.com/security/bulletin/ms12-JAN
- Reason for Revision: V2.0 (January 11, 2012): For MS12-003,
corrected exploitability assessment for latest software
release in the Exploitability Index for CVE-2012-0005. For
MS12-007, revised to announce bulletin rereleased.
See the MS12-007 bulletin for more information.
- Originally posted: January 10, 2012
- Updated: January 11, 2012
- Version: 2.0

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-004 - Critical

Bulletin Information:
=====================

* MS12-004 - Critical


http://technet.microsoft.com/security/bulletin/MS12-004
- Reason for Revision: V1.1 (January 11, 2012): Clarified the FAQ
entries for CVE-2012-0003 that address the scope of the
vulnerability and how an attacker could exploit
the vulnerability. These are informational changes only. There
were no changes to the security update files or detection logic.
- Originally posted: January 10, 2012
- Updated: January 11, 2012
- Bulletin Severity Rating: Critical
- Version: 1.1

 

Microsoft Security Bulletin Minor Revisions - Jan. 18, 2012
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-JUN
* MS12-006 - Important

Bulletin Information:
=====================

* MS11-049 - Important


http://technet.microsoft.com/security/bulletin/MS11-049
- Reason for Revision: V2.2 (January 18, 2012): Added a note
to the Affected and Non-Affected Software section to clarify
that this update also applies to 32-bit and x64-based
SQL Server 2008 and SQL Server 2008 R2 Express and
Express Advanced Editions.
- Originally posted: June 14, 2011
- Updated: January 18, 2012
- Bulletin Severity Rating: Important
- Version: 2.2

* MS11-JUN
http://technet.microsoft.com/security/bulletin/MS11-JUN

Reason for Revision: V3.1 (January 18, 2012): For MS11-049,
added a note to the Affected Software and Download Locations
section to clarify that this update also applies to 32-bit and
x64-based SQL Server 2008 and SQL Server 2008 R2 Express and
Express Advanced Editions.
- Originally posted: June 14, 2011
- Updated: January 18, 2012
- Version: 3.1

* MS12-006 - Important

http://technet.microsoft.com/security/bulletin/MS12-006
Reason for Revision: V1.1 (January 18, 2012): Added MS10-085 as
a bulletin replaced by the KB2585542 update for Windows 7 for
32-bit Systems, Windows 7 for x64-based Systems,
Windows Server 2008 R2 for x64-based Systems, and
Windows Server 2008 R2 for Itanium-based Systems.
This is an informational change only. There were no changes to
the detection logic or the update files.
- Originally posted: January 10, 2012
- Updated: January 18, 2012
- Bulletin Severity Rating: Important
- Version: 1.1