Virus.Org

Well our first patch tuesday commentary for a while, welcome to the August 2012 patch Tuesday, we have a bumper summer batch of patches. We’ve nine advisories covering a variety of Microsoft products including Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft SQL Server and Microsoft Exchange.

Windows Security

This months advisories include

  • MS12-052 Cumulative Security Update for Internet Explorer (Critical)
  • MS12-053 Vulnerability in Remote Desktop Could Allow Remote Code Execution (Critical)
  • MS12-054 Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (Critical)
  • MS12-055 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (Important)
  • MS12-056 Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (Important)
  • MS12-057 Vulnerability in Microsoft Office Could Allow Remote Code Execution (Important)
  • MS12-058 Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (Critical)
  • MS12-059 Vulnerability in Microsoft Visio Could Allow Remote Code Execution (Important)
  • MS12-060 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (Critical)

Over the nine advisories we have 26 vulnerabilities total patched, with 13 of them originating from Microsoft and 13 from a surprise source.

MS12-052 patches critical flaws in Internet Explorer code, including a “use-after-free” class of memory corruption vulnerability as detailed in CVE-2012-1526. Multiple other bugs for Internet 7, 8 and 9 are all being patched, including the MSXML5 update for CVE-2012-1889.

This months patches include fixes for something that isn’t developed my Microsoft, it includes patches for Oracle’s “Outside In” third party libraries running on Exchange. Reports have been circulating since July of the flaws and it has been reported by US-CERT that flaws affect other products other than Microsoft Exchange including Oracle Fusion Middleware, Guidance Encase Forensics, AccessData FTK, and Novell Groupwise.

You can find out more about this months patches here. As usual, get those updates rolled out as soon as possible and don’t forget to reboot as pretty much all of them require a reboot.