Microsoft Security Bulletin(s) for march 13, 2012

Discussion in 'other security issues & news' started by NICK ADSL UK, Mar 13, 2012.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin(s) for march 13, 2012
    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Today Microsoft released the following Security Bulletin(s).

    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:

    http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

    Critical (1)

    Microsoft Security Bulletin MS12-020 - Critical

    Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

    Published: Tuesday, March 13, 2012

    Version: 1.0
    http://technet.microsoft.com/en-us/security/bulletin/ms12-020

    Important (4)

    Microsoft Security Bulletin MS12-017 - Important

    Vulnerability in DNS Server Could Allow Denial of Service (2647170)

    Published: Tuesday, March 13, 2012

    Version: 1.0
    http://technet.microsoft.com/en-us/security/bulletin/ms12-017

    Microsoft Security Bulletin MS12-018 - Important

    Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)

    Published: Tuesday, March 13, 2012

    Version: 1.0
    http://technet.microsoft.com/en-us/security/bulletin/ms12-018

    Microsoft Security Bulletin MS12-021 - Important

    Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)

    Published: Tuesday, March 13, 2012

    Version: 1.0
    http://technet.microsoft.com/en-us/security/bulletin/ms12-021

    Microsoft Security Bulletin MS12-022 - Important

    Vulnerability in Expression Design Could Allow Remote Code Execution (265101:cool:

    Published: Tuesday, March 13, 2012

    Version: 1.0
    http://technet.microsoft.com/en-us/security/bulletin/ms12-022

    moderate (1)

    Microsoft Security Bulletin MS12-019 - Moderate

    Vulnerability in DirectWrite Could Allow Denial of Service (2665364)

    Published: Tuesday, March 13, 2012

    Version: 1.0

    http://technet.microsoft.com/en-us/security/bulletin/ms12-019

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information about Microsoft Security Bulletins for March (Level 200)

    Event ID: 1032499508

    Starts: Wednesday, March 14, 2012 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration: 1 hour(s)


    Language(s): English.


    Product(s): computer security and information security.

    Audience(s): IT Decision Maker and IT Generalist.

    Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.


    Presented By:

    Dustin Childs,
    Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation

    Pete Voss , Senior Response Communications Manager, Microsoft Corporation

    Register now for the March security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS10-058 - Important

    Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)

    Published: Tuesday, August 10, 2010 | Updated: Tuesday, March 13, 2012

    Revisions
    V1.0 (August 10, 2010): Bulletin published.
    V1.1 (August 18, 2010): Added workaround for IPv6 Memory Corruption Vulnerability - CVE-2010-1892.
    V2.0 (March 13, 2012): Revised bulletin to announce a detection change that removes MS10-029 as the replaced bulletin for all supported editions of Windows Vista and Windows Server 2008. For more information, see the related entry in the update FAQ.
    http://technet.microsoft.com/en-us/security/bulletin/ms10-058
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (2269637)

    Insecure Library Loading Could Allow Remote Code Execution

    Published: Monday, August 23, 2010 | Updated: Tuesday, March 13, 2012

    Version: 15.0



    Revisions
    V1.0 (August 23, 2010): Advisory published.
    V1.1 (August 31, 2010): Added a link to Microsoft Knowledge Base Article 2264107 to provide an automated Microsoft Fix it solution for the workaround, Disable loading of libraries from WebDAV and remote network shares.
    V2.0 (November 9, 2010): Added Microsoft Security Bulletin MS10-087, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.
    V3.0 (December 14, 2010): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS10-093, "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution;" MS10-094, "Vulnerability in Windows Media Encoder Could Allow Remote Code Execution;" MS10-095, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution;" MS10-096, "Vulnerability in Windows Address Book Could Allow Remote Code Execution;" and MS10-097, "Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution."
    V4.0 (January 11, 2011): Added Microsoft Security Bulletin MS11-001, "Vulnerability in Windows Backup Manager Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.
    V5.0 (February 8, 2011): Added Microsoft Security Bulletin MS11-003, "Cumulative Security Update for Internet Explorer," to the Updates relating to Insecure Library Loading section.
    V6.0 (March 8, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-015, "Vulnerabilities in Windows Media Could Allow Remote Code Execution;" MS11-016, "Vulnerability in Microsoft Groove Could Allow Remote Code Execution;" and MS11-017, "Vulnerability in Remote Desktop Client Could Allow Remote Code Execution."
    V7.0 (April 12, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution;" and MS11-025, "Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution."
    V8.0 (July 12, 2011): Added the update in Microsoft Knowledge Base Article 2533623 and the update in Microsoft Security Bulletin MS11-055, "Vulnerability in Microsoft Visio Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section. The update in Microsoft Knowledge Base Article 2533623 implements Application Programming Interface (API) enhancements in Windows to help developers correctly and securely load external libraries.
    V9.0 (August 9, 2011): Added Microsoft Security Bulletin MS11-059, "Vulnerability in Data Access Components Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.
    V10.0 (September 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-071, "Vulnerability in Windows Components Could Allow Remote Code Execution;" and MS11-073, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
    V11.0 (October 11, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-075, "Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution;" and MS11-076, "Vulnerability in Windows Media Center Could Allow Remote Code Execution."
    V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085, "Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution."
    V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, "Cumulative Security Update for Internet Explorer;" and MS11-094, "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution."
    V14.0 (February 14, 2012): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS12-012, "Vulnerability in Color Control Panel Could Allow Remote Code Execution;" and MS12-014, "Vulnerability in Indeo Codec Could Allow Remote Code Execution."
    V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022, "Vulnerability in Expression Design Could Allow Remote Code Execution."

    http://technet.microsoft.com/en-us/security/advisory/2269637#section14
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS12-022 - Important

    Vulnerability in Expression Design Could Allow Remote Code Execution (265101:cool:

    Published: Tuesday, March 13, 2012 | Updated: Wednesday, March 14, 2012


    Revisions
    V1.0 (March 13, 2012): Bulletin published.
    V1.1 (March 14, 2012): Removed erroneous installation switch option descriptions from the Security Update Deployment tables for all supported releases. This is an informational change only. There were no changes to the detection logic or the update files.
    http://technet.microsoft.com/en-us/security/bulletin/ms12-022#section25
     
Loading...
Thread Status:
Not open for further replies.