8 replies to this topic

[AplusWebMaster]

FYI...

Ref: http://technet.micro...curity/bulletin

- https://technet.micr...lletin/ms12-jun
June 12, 2012 - "This bulletin summary lists security bulletins released for June 2012...
(Total of -7-)

Critical -3-

Microsoft Security Bulletin MS12-036 - Critical
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
- https://technet.micr...lletin/MS12-036
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-037 - Critical
Cumulative Security Update for Internet Explorer (2699988)
- https://technet.micr...lletin/ms12-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS12-038 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
- https://technet.micr...lletin/ms12-038
Critical - Remote Code Execution - May require restart Microsoft Windows, Microsoft .NET Framework

Important -4-


Microsoft Security Bulletin MS12-039 - Important
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
- https://technet.micr...lletin/MS12-039
Important - Remote Code Execution - May require restart - Microsoft Lync

Microsoft Security Bulletin MS12-040 - Important
Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
- https://technet.micr...lletin/ms12-040
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-041 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
- https://technet.micr...lletin/ms12-041
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-042 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
- https://technet.micr...lletin/MS12-042
Important - Elevation of Privilege - Requires restart - Microsoft Windows

___

Certificate Trust List update...
- https://blogs.techne...Redirected=true
12 Jun 2012
RSA keys under 1024 bits are blocked
- https://blogs.techne...Redirected=true
11 Jun 2012

Bulletin deployment priority
- https://blogs.techne...12-Priority.png

Severity and exploitability index
- https://blogs.techne...12-Severity.png
___

Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist....d=CVE-2012-1889 - 9.3 (HIGH)
> http://support.micro...9615#FixItForMe

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___

ISC Analysis
- https://isc.sans.edu...l?storyid=13453
Last Updated: 2012-06-12 17:45:41 UTC
___

MSRT
- http://support.micro...om/?kbid=890830
June 12, 2012 - Revision: 103.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• Cleaman
• Kuluoz

Download:
- http://www.microsoft...i...ng=en&id=16
File Name: Windows-KB890830-V4.9.exe - 15.5 MB
- https://www.microsof...ls.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.9.exe - 16.1 MB

.

Edited by AplusWebMaster, 26 June 2012 - 08:07 AM.

[AplusWebMaster]

FYI...

MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003
- http://support.micro...ixItForMeAlways
Last Review: June 19, 2012 - Revision: 4.0 - "... If you receive the "0x8007F0F4" error when you try to install this security update, check to see if the %windir%\FaultyKeyboard.log file was created on the computer...
Known issues with this security update: In some scenarios, the %windir%\FaultyKeyboard.log file might not have been created on your computer. If the file was not created, follow these steps: To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard..."

- http://web.nvd.nist....d=CVE-2012-0181 - 10.0 (HIGH)

Edited by AplusWebMaster, 02 July 2012 - 04:53 AM.

[AplusWebMaster]

FYI...

MS12-037 exploit in-the-wild
- http://nakedsecurity...ed-in-the-wild/
June 19, 2012 - "A critical Internet Explorer vulnerability, announced and patched by Microsoft in June's Patch Tuesday, is being exploited in the wild. The vulnerability is CVE-2012-1875*... patched in MS12-037**... Cunningly-crafted JavaScript code - which can be embedded in a web page to foist the exploit on unsuspecting vistors - is circulating freely on the internet. Also, the Metasploit exploitation framework now has a plug-in module which will generate malicious JavaScript for you on-the-fly to help you automate an attack... response is easy: if you haven't patched already, do so right away..."
* http://web.nvd.nist....d=CVE-2012-1875 - 9.3 (HIGH)

Cumulative Security Update for Internet Explorer (2699988) - Critical
** https://technet.micr...lletin/ms12-037
June 12, 2012

- http://www.symantec....er-gets-stumped
19 Jun 2012

- http://atlas.arbor.n...dex#-1257954642
Severity: Elevated Severity
Source: http://www.symantec....rt-1-trojannaid
18 Jun 2012
___

- https://www.us-cert..../TA12-174A.html
June 22, 2012
> http://support.micro...ixItForMeAlways

Edited by AplusWebMaster, 25 June 2012 - 07:55 AM.

[AplusWebMaster]

FYI...

WSUS KB 272011: Common issues encountered and how to fix them
- https://blogs.techne...Redirected=true
20 Jun 2012

An update for Windows Server Update Services 3.0 SP2 is available
- http://support.micro....com/kb/2720211
Last Review: June 18, 2012 - Revision: 6.0


Thanks to Susan Bradley!

[AplusWebMaster]

FYI...

IE9 may stop responding if DFX Audio Enhancer is installed
- http://support.micro...com/kb/2727797/
Last Review: June 22, 2012 - Revision: 2.0 ...
"Consider the following scenario:
You are running Windows Internet Explorer 9.
DFX Audio Enhancer version 10 is installed on the computer.
The following security update is installed on the computer:
2699988 MS12-037: Cumulative Security Update for Internet Explorer: June 12, 2012
In this scenario, Windows Internet Explorer 9 may stop responding, or "hang."
CAUSE: This issue occurs because of an incompatibility with an earlier version of DFX Audio Enhancer...
For more information about how to obtain the latest version of DFX, go to the following third-party webpage:
- http://www.fxsound.com/dfx/index.php ..."

[AplusWebMaster]

FYI...

Update for Windows Update ...
- http://h-online.com/-1624979
25 June 2012 - "Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does -not- always run smoothly... Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates. On some computers, clicking the "Install Updates" button results in a failed installation with error code 80070057 or 8007041B. On heise Security's test Windows 7 computer, repeatedly attempting the update (click on "Check for updates" on the left) did eventually result in the update being successfully applied. Microsoft has provided a "Fix it" tool* for more stubborn cases in Knowledge Base Article 949104**. The update in question upgrades the Windows Update Agent from version 7.4.7600.226 to 7.6.7600.256 ..."
* Direct download: http://go.microsoft....?linkid=9767096

** http://support.microsoft.com/kb/949104

[AplusWebMaster]

FYI...

MS June cumulative updates have been released
- https://blogs.techne...Redirected=true
28 Jun 2012

2007 Office system cumulative update for June 2012
For Excel 2007: http://support.micro....com/kb/2712234 ...
June 26, 2012 - "The cumulative update packages for June 2012 contain the latest hotfixes for the 2007 Microsoft Office system and for the 2007 Office servers..."

Office 2010 cumulative update for June 2012
For Excel 2010: http://support.micro....com/kb/2712235 ...
June 28, 2012 - "The cumulative update packages for June 2012 contain the latest hotfixes for the Microsoft Office 2010 system and for the Office 2010 servers..."

[AplusWebMaster]

FYI...

Installing updates for the Microsoft .NET Framework 4 can take longer than expected
- http://support.micro...id=548#fixit4me
Last Review: July 3, 2012 - Rev: 4.0
... CAUSE: Updates to the .NET Framework 4 require a complete regeneration of the Native Image Cache, a very time-consuming operation. For some computers, an interaction with previously installed Native Images may cause Native Image regeneration to take much longer than expected. Although this issue only affects setup times, the effect can be several minutes to tens of minutes. Computers that have more Native Images installed will see longer generation times...
To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard...

- http://support.micro...d=548#appliesto
APPLIES TO Microsoft .NET Framework 4

[AplusWebMaster]

FYI...

MSRT results to date - June 2012 release ...
- https://blogs.techne...Redirected=true
4 Jul 2012 - "... Since the release of the MSRT on June 12, we have removed 59,479 Win32/Cleaman threats from 56,982 computers..."