Well it’s Patch Tuesday, or what some people call “Black” Tuesday.
Seven security bulletins were released for Microsoft products, which were about 11-12 vulnerabilities at least being patched. Could be more on some systems.
Current bulletins for this round:
- MS12-077 Cumulative Security Update for Internet Explorer
- MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
- MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution
- MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
- MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
- MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution
- MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass
(Key: Important – Critical)
For the December Adobe Updates…The updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 188.8.131.52 and earlier versions for Linux, Adobe Flash Player 184.108.40.206 and earlier versions for Android 4.x, and Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and 2.x, Adobe said.
The three updates fix a buffer overflow vulnerability, integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe also said.
Here’s a small update to yesterday’s Patch Tuesday. Microsoft seemed to have only two critical fixes…
The first patch, MS12-061, applies to Microsoft Visual Studio Team Foundation Server. The other update, MS12-062, fixes a flaw in Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007.
Note to system administrators: Microsoft is urging you to test out the following update: KB2661254, which is an update to help mitigate the risks associated with the Flame malware. It won’t be released until October. But, it is available for testing purposes. It is best ot thicken your SSL certifications.
- September 2012 Patch Tuesday Update (ibm.com)
- Microsoft says “No!” to insecure certificate practices (nakedsecurity.sophos.com)