Microsoft Security Bulletin(s) for October 9 2012

Discussion in 'other security issues & news' started by NICK ADSL UK, Oct 9, 2012.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin(s) for October 9 2012
    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Today Microsoft released the following Security Bulletin(s).

    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    http://technet.microsoft.com/en-us/security/bulletin/ms12-oct



    Critical (1)
    Microsoft Security Bulletin MS12-064
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-064


    Important (6)
    Microsoft Security Bulletin MS12-065
    Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-065


    Microsoft Security Bulletin MS12-066
    Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-066

    Microsoft Security Bulletin MS12-067
    Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-067

    Microsoft Security Bulletin MS12-068
    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-068

    Microsoft Security Bulletin MS12-069
    Vulnerability in Kerberos Could Allow Denial of Service (2743555)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-069

    Microsoft Security Bulletin MS12-070
    Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
    http://technet.microsoft.com/en-us/security/bulletin/ms12-070



    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About the October 2012 Security Bulletin Release

    Event ID: 1032522558

    Starts: Wednesday, October 10, 2012 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration: 1 hour(s)



    Language(s): English.



    Product(s): computer security and information security.



    Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.



    Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.


    Presented by:

    Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation

    and

    Jonathan Ness, Principal Security Development Lead, Microsoft Corporation


    Register now for the October security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Re-Releases - Oct. 9, 2012
    Summary

    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS12-043 - Critical
    * MS12-053 - Critical
    * MS12-054 - Critical
    * MS12-055 - Important
    * MS12-058 - Critical
    * MS12-JUL
    * MS12-AUG

    Bulletin Information:

    * MS12-043 - Critical
    http://technet.microsoft.com/security/bulletin/MS12-043

    - Reason for Revision: V3.0 (October 9, 2012): Added Microsoft
    XML Core Services 4.0 when installed on supported editions of
    Windows 8 and Windows Server 2012 to affected software and
    announced a corresponding detection change for the KB2721691
    update package. Customers who have installed Microsoft XML
    Core Services 4.0 on systems running Windows 8 or Windows
    Server 2012 need to install the KB2721691 update to be
    protected from the vulnerability described in this bulletin.
    See the update FAQ for details.
    - Originally posted: July 10, 2012
    - Updated: October 9, 2012
    - Bulletin Severity Rating: Critical
    - Version: 3.0

    * MS12-053 - Critical
    http://technet.microsoft.com/security/bulletin/MS12-053

    - Reason for Revision: V2.0 (October 9, 2012): Revised bulletin
    to offer the rerelease of the KB723135 update for Windows XP.
    Customers need to apply the rereleased update packages to
    avoid an issue with digital certificates described in
    Microsoft Security Advisory 2749655.
    - Originally posted: August 14, 2012
    - Updated: October 9, 2012
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS12-054 - Critical
    http://technet.microsoft.com/security/bulletin/MS12-054

    - Reason for Revision: V2.0 (October 9, 2012): Revised
    bulletin to offer the rerelease of the KB2705219 update
    for Windows XP, Windows Server 2003, Windows Vista, Windows
    Server 2008, Windows 7, and Windows Server 2008 R2. Customers
    need to apply the rereleased update packages to avoid an issue
    with digital certificates described in Microsoft Security
    Advisory 2749655.
    - Originally posted: August 14, 2012
    - Updated: October 9, 2012
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS12-055 - Important
    http://technet.microsoft.com/security/bulletin/MS12-055

    - Reason for Revision: V2.0 (October 9, 2012): Revised
    bulletin to offer the rerelease of the KB2731847 update
    for Windows XP, Windows Server 2003, Windows Vista, Windows
    Server 2008, Windows 7, and Windows Server 2008 R2. Customers
    need to apply the rereleased update packages to avoid an
    issue with digital certificates described in Microsoft
    Security Advisory 2749655.
    - Originally posted: August 14, 2012
    - Updated: October 9, 2012
    - Bulletin Severity Rating: Important
    - Version: 2.0

    * MS12-058 - Critical
    http://technet.microsoft.com/security/bulletin/MS12-058

    - Reason for Revision: V2.0 (October 9, 2012): Revised bulletin
    to offer the rerelease of updates for Microsoft Exchange Server
    2007 Service Pack 3 (KB2756496), Microsoft Exchange Server 2010
    Service Pack 1 (KB2756497), and Microsoft Exchange Server 2010
    Service Pack 2 (KB2756485). Customers need to apply the
    rereleased updates to avoid an issue with digital certificates
    described in Microsoft Security Advisory 2749655.
    - Originally posted: August 14, 2012
    - Updated: October 9, 2012
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS12-JUL
    http://technet.microsoft.com/en-us/security/bulletin/ms12-043

    - Reason for Revision: V3.0 (October 9, 2012): For MS12-043,
    added Microsoft XML Core Services 4.0 when installed on
    supported editions of Windows 8 and Windows Server 2012
    to affected software. See the MS12-043 bulletin for details.
    - Originally posted: July 10, 2012
    - Updated: October 9, 2012
    - Version: 3.0

    * MS12-AUG
    http://technet.microsoft.com/security/bulletin/ms12-JUL

    - Reason for Revision: V2.0 (October 9, 2012): Bulletin
    Summary revised to coincide with the rerelease of update
    packages in MS12-053, MS12-054, MS12-055, and MS12-058.
    Customers need to apply the rereleased update packages
    to avoid an issue with digital certificates described in
    Microsoft Security Advisory 2749655. See the bulletins
    for more information.
    - Updated: October 9, 2012
    - Version: 3.0
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Last 5 Published or Updated Security Advisories:

    Microsoft Security Advisory (2749655)
    Compatibility Issues Affecting Signed Microsoft Binaries
    Published or Last Updated: Tuesday, October 09, 2012
    http://technet.microsoft.com/en-us/security/advisory/2749655

    Microsoft Security Advisory (2737111)
    Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
    Published or Last Updated: Tuesday, October 09, 2012
    http://technet.microsoft.com/en-us/security/advisory/2737111

    Microsoft Security Advisory (2661254)
    Update For Minimum Certificate Key Length
    Published or Last Updated: Tuesday, October 09, 2012
    http://technet.microsoft.com/en-us/security/advisory/2661254

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
    Published or Last Updated: Monday, October 08, 2012
    http://technet.microsoft.com/en-us/security/advisory/2755801

    Microsoft Security Advisory (2757760)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    Published or Last Updated: Friday, September 21, 2012
    http://technet.microsoft.com/en-us/security/advisory/2757760
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)

    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

    Quick details
    Version: 4.13 Date published: 10/9/2012
    Change language:
    KB articles: KB890830
    File name Size
    Windows-KB890830-V4.13.exe 16.2 MB

    New anti-malware additions

    We have added detection and cleaning capabilities for the following malware:

    Nitol
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Nitol

    OneScan
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/OneScan
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - Oct 23, 2012
    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS12-043
    * MS12-066
    * MS12-OCT

    Bulletin Information:
    =====================

    * MS12-043 - Important

    http://technet.microsoft.com/security/bulletin/ms12-043
    - Reason for Revision: V3.1 (October 23, 2012): Added the
    KB2721691 update to the Bulletin FAQ that explains which
    updates are available for Windows 8 Release Preview and
    Windows Server 2012 Release Candidate.
    - Originally posted: July 10, 2012
    - Updated: October 23, 2012
    - Bulletin Severity Rating: Critical
    - Version: 3.1

    * MS12-066 - Important

    http://technet.microsoft.com/security/bulletin/ms12-066
    - Reason for Revision: V1.3 (October 23, 2012): Added Microsoft
    Windows SharePoint Services 3.0 Service Pack 3 (32-bit version)
    and Microsoft Windows SharePoint Services 3.0 Service Pack 3
    (64-bit version) to the Affected Software section. This is a
    bulletin change only. There were no changes to the detection
    logic or security update files.
    - Originally posted: October 9, 2012
    - Updated: October 23, 2012
    - Bulletin Severity Rating: Important
    - Version: 1.3

    * MS12-OCT

    http://technet.microsoft.com/security/bulletin/ms12-oct
    - Reason for Revision: V1.3 (October 23, 2012): For MS12-066,
    added Microsoft Windows SharePoint Services 3.0 Service Pack 3
    (32-bit version) and Microsoft Windows SharePoint Services 3.0
    Service Pack 3 (64-bit version) to the Affected Software and
    Download Locations section. This is an informational change
    only. There were no changes to the detection logic or security
    update files.
    - Originally posted: October 9, 2012
    - Updated: October 23, 2012
    - Version: 1.3
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (2755801)

    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

    Published: Friday, September 21, 2012 | Updated: Tuesday, October 23, 2012

    Version: 3.0


    General Information

    Executive Summary

    Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.


    http://technet.microsoft.com/en-us/security/advisory/2755801
     
Loading...
Thread Status:
Not open for further replies.