
MS Security Bulletin Summary - March 2012



#1 AplusWebMaster


Posted 13 March 2012 - 12:19 PM

FYI...

- https://technet.micr...lletin/ms12-mar
March 13, 2012 - "This bulletin summary lists security bulletins released for March 2012...
(Total of -6-)

Critical -1-

Microsoft Security Bulletin MS12-020 - Critical
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
- https://technet.micr...lletin/ms12-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows
> http://support.micro....com/kb/2671387
See: "Known issues and additional information about this security update..."

Important -4-

Microsoft Security Bulletin MS12-017 - Important
Vulnerability in DNS Server Could Allow Denial of Service (2647170)
- https://technet.micr...lletin/ms12-017
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-018 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
- https://technet.micr...lletin/ms12-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-021 - Important
Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
- https://technet.micr...lletin/ms12-021
Important - Elevation of Privilege - May require restart - Microsoft Visual Studio

Microsoft Security Bulletin MS12-022 - Important
Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
- https://technet.micr...lletin/ms12-022
Important - Remote Code Execution - May require restart - Microsoft Expression Design
> http://support.micro....com/kb/2651018
See: "Known issues with this security update..."

Moderate -1-

Microsoft Security Bulletin MS12-019 - Moderate
Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
- https://technet.micr...lletin/ms12-019
Moderate - Denial of Service - May require restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.techne...eployment-2.png

Severity and Exploitability Index
- https://blogs.techne...r_2D00_XI-1.png

- https://blogs.techne...Redirected=true
___

ISC Analysis
- https://isc.sans.edu...l?storyid=12775
Last Updated: 2012-03-13 17:29:20 UTC
___

MSRT
- http://support.micro...om/?kbid=890830
March 13, 2012 - Revision: 100.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• Dorkbot
• Hioles
• Yeltminky
• Pluzoks.A

- https://blogs.techne...Redirected=true
13 Mar 2012

Download:
- http://www.microsoft...i...ng=en&id=16
File Name: windows-kb890830-v4.6.exe - 14.8 MB
- https://www.microsof...ls.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.6.exe - 15.4 MB
.

Edited by AplusWebMaster, 16 March 2012 - 10:50 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster


Posted 14 March 2012 - 07:15 AM

FYI... RE: MS12-020 - Critical...

- https://blogs.techne...Redirected=true
13 Mar 2012 - "... we anticipate that an exploit for code execution will be developed in the next 30 days... Remote Desktop Protocol is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled Remote Desktop... Enabling NLA* will prevent older clients (including Windows XP and Windows Server 2003) from connecting, by default..."
* See the URL above for MS Fixit's...
> http://web.nvd.nist....d=CVE-2012-0002
Last revised: 03/14/2012 - "... Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP..."
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.symantec....eatconlearn.jsp
"... The Microsoft Remote Desktop Protocol (RDP) patch is especially critical. Although RDP is not enabled by default, when it is enabled many RDP servers are placed directly on the Internet. If RDP is being used, ensure it is patched as soon as possible. RDP should -not- be placed directly on the Internet. RDP should be remotely accessible only by trusted clients by way of a VPN or similar solution..."

- http://h-online.com/-1471581
14 March 2012 - "... some customers "need time to evaluate and test all bulletins before applying them", Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 14 March 2012 - 08:22 AM.
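
Added example, not part of the original post: a local PowerShell audit of the settings the quoted MS12-020 guidance turns on, namely whether Remote Desktop is actually enabled (it can be switched on without the default changing, as the NVD note about Remote Assistance points out) and whether NLA is required. The function names are hypothetical; the registry values are the standard Terminal Server ones, with the Group Policy copies taking precedence when they are set.

```powershell
# Added example: report the local RDP state relevant to the MS12-020 guidance.
# Written for PowerShell 2.0 so it also runs on older Windows hosts.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-RdpExposure {
    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$local\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # fDenyTSConnections: 1 = RDP disabled (the default), 0 = RDP enabled.
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $local 'fDenyTSConnections' }

    # UserAuthentication: 1 = NLA required before a session is created.
    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue $tcp 'UserAuthentication' }

    # Listening port (3389 unless it has been changed).
    $port = Get-RegValue $tcp 'PortNumber'

    $enabled = ($deny -eq 0)
    $nlaOn   = ($nla -eq 1)

    if (-not $enabled) { $finding = 'RDP disabled' }
    elseif ($nlaOn)    { $finding = 'RDP enabled with NLA: still apply the update' }
    else               { $finding = 'RDP enabled without NLA: apply the update, consider NLA' }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = $enabled
        NlaRequired = $nlaOn
        Port        = $port
        Finding     = $finding
    }
}

Get-RdpExposure | Format-List Computer, RdpEnabled, NlaRequired, Port, Finding
```

This reports configuration only; it does not confirm that the MS12-020 update is installed or whether the port is reachable from the Internet, which still need to be checked against the bulletin and the perimeter firewall.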
