SecurityGarden


Friday, September 21, 2012

Microsoft MS12-063 – Critical Cumulative Security Update for Internet Explorer

Posted on 10:41 AM by Unknown

Microsoft released MS12-063, a cumulative update for Internet Explorer addressing Security Advisory 2757760 as well as four other critical-class remote code execution issues.  The update requires a restart.
    The Bulletin addresses the following issues from the Common Vulnerabilities and Exposures (CVE) list:
    • OnMove Use After Free Vulnerability - CVE-2012-1529.
    • Event Listener Use After Free Vulnerability - CVE-2012-2546.
    • Layout Use After Free Vulnerability - CVE-2012-2548.
    • cloneNode Use After Free Vulnerability - CVE-2012-2557.
    • execCommand Use After Free Vulnerability - CVE-2012-4969.
    Internet Explorer 10 on Windows 8 and Windows Server 2012 is not affected.  All other versions of Internet Explorer are affected.

    Support

    The following additional information is provided in the Security Bulletin:
    • The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
    • Security solutions for IT professionals: TechNet Security Troubleshooting and Support
    • Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
    • Local support according to your country: International Support

    References

    • MSRC: Microsoft releases MS12-063 – Cumulative Security Update for Internet Explorer
    • TechNet: Microsoft Security Bulletin MS12-063 - Critical




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Posted in IE6, IE7, IE8, IE9, Microsoft, Security, Updates, Vulnerabilities | No comments

    Wednesday, September 19, 2012

    Out of Band Internet Explorer Security Update

    Posted on 6:51 PM by Unknown
    On Friday, September 21, 2012, Microsoft will release MS12-063, a cumulative update for Internet Explorer addressing Security Advisory 2757760 as well as four other critical-class remote code execution issues.  The update will require a restart.

    Microsoft Fix it

    In addition, a Microsoft Fix it solution is available now for applying ahead of the update to protect your computer.

    Fix it
    • Enable: Microsoft Fix it 50939
    • Disable: Microsoft Fix it 50938

    (HT:  ky331)

    References

    • MSRC Blog:  Internet Explorer Fix it available now; Security Update scheduled for Friday
    • TechNet: Microsoft Security Bulletin Advance Notification for September 2012 
    • Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution




      Posted in FixIt, IE6, IE7, IE8, IE9, Microsoft, Security, Updates, Vulnerabilities | No comments

      Tuesday, September 18, 2012

      Microsoft Security Advisory 2757760

      Posted on 9:02 AM by Unknown
      Microsoft released Security Advisory 2757760 to address an issue that affects all versions of Internet Explorer except IE10.

      Current exploits of this vulnerability occur with Internet Explorer using third-party software, most particularly Oracle’s Java, when visiting a website hosting malicious code.

      Update:  It was reported at the MSRC Blog that a Microsoft Fix it solution will be issued within the next few days.  In the interim, it was also stated that this vulnerability is currently not widespread.  See the update at Additional information about Internet Explorer and Security Advisory 2757760.

      Recommendations:

      Uninstall Java -- Most home computer users no longer need Java.  Following are reasons why someone may need Oracle Sun Java installed on their computer:

      • Playing on-line games generally requires Java.
      • With OpenOffice, Java is needed for the items listed  here. 
      • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
      • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
      If you need Java, be sure you have uninstalled all old, vulnerable versions and have only the most recent release installed on your computer.

      Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations such as DEP to configured applications.

      The simple steps needed to add iexplore.exe to EMET and other actions are provided in the "Suggested Actions" section of the Security Advisory.  When checking EMET, I was pleased to see that I had already added iexplore.exe. 


      References:

      • MSRC: Microsoft Releases Security Advisory 2757760
      • TechNet Advisory: Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
      • Download:  EMET (Enhanced Mitigation Experience Toolkit v3.0)



      Posted in Advisory, Microsoft, Security, Vulnerabilities | No comments

      Tuesday, September 11, 2012

      Microsoft Security Bulletin Release for September 2012

      Posted on 10:12 AM by Unknown

      Microsoft released two (2) bulletins, both rated Important.  Both address Elevation of Privilege issues, and neither is known to be under active exploit in the wild.

      The bulletins address twenty-six vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office.  Although they do not require a restart, it is advised to restart the computer after installing the updates.
      • MS12-061 (Visual Studio Team Foundation Server) This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. This bulletin is rated Important for Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1.
      • MS12-062 (System Center Configuration Manager) This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The bulletin is rated Important for Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.


      Support

      The following additional information is provided in the Security Bulletin:
      • The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
      • Security solutions for IT professionals: TechNet Security Troubleshooting and Support
      • Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
      • Local support according to your country: International Support

      References

      • MSRC: Update Tuesday overview for September 2012
      • TechNet: Microsoft Security Bulletin Summary for September 2012
      • Security and Safety Center:  Microsoft security updates for September 2012




      Posted in Microsoft, Security, Updates, Vulnerabilities | No comments

      Thursday, September 6, 2012

      Security Bulletin Advance Notice for September 2012

      Posted on 11:07 AM by Unknown
      On Tuesday, September 11, 2012, Microsoft is planning to release two (2) bulletins, both rated Important.  The bulletins are related to Elevation of Privilege.  Although they do not require a restart, it is advised to restart the computer after installing the updates.


      ==================================
      NEW BULLETIN SUMMARY
      ==================================
      Bulletin ID: Bulletin 1
      Maximum Severity Rating: Important
      Vulnerability Impact: Elevation of Privilege
      Restart Requirement: No restart required
      Affected Software: Microsoft Visual Studio Team Foundation Server 2010
      ----------------------------
      Bulletin ID: Bulletin 2
      Maximum Severity Rating: Important
      Vulnerability Impact: Elevation of Privilege
      Restart Requirement: No restart required
      Affected Software: Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007.
      ----------------------------


      As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

      IT Administrators are advised to pay particular attention to the information in the MSRC Blog regarding Security Advisory 2661254 (Update For Minimum Certificate Key Length).

      References

      • MSRC Blog:  September ANS and an important heads-up concerning certificates
      • TechNet: Microsoft Security Bulletin Advance Notification for September 2012


      Posted in Microsoft, Security, Updates, Vulnerabilities | No comments