• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
AplusWebMaster

MS Security Bulletin Summary - June 2012

9 posts in this topic

FYI...

 

Ref: http://technet.microsoft.com/en-us/security/bulletin

 

- https://technet.microsoft.com/en-us/security/bulletin/ms12-jun

June 12, 2012 - "This bulletin summary lists security bulletins released for June 2012...

(Total of -7-)

 

Critical -3-

 

Microsoft Security Bulletin MS12-036 - Critical

Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

- https://technet.microsoft.com/en-us/security/bulletin/MS12-036

Critical - Remote Code Execution - Requires restart - Microsoft Windows

 

Microsoft Security Bulletin MS12-037 - Critical

Cumulative Security Update for Internet Explorer (2699988)

- https://technet.microsoft.com/en-us/security/bulletin/ms12-037

Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

 

Microsoft Security Bulletin MS12-038 - Critical

Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

- https://technet.microsoft.com/en-us/security/bulletin/ms12-038

Critical - Remote Code Execution - May require restart Microsoft Windows, Microsoft .NET Framework

 

Important -4-

 

 

Microsoft Security Bulletin MS12-039 - Important

Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

- https://technet.microsoft.com/en-us/security/bulletin/MS12-039

Important - Remote Code Execution - May require restart - Microsoft Lync

 

Microsoft Security Bulletin MS12-040 - Important

Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

- https://technet.microsoft.com/en-us/security/bulletin/ms12-040

Important - Elevation of Privilege - Requires restart - Microsoft Windows

 

Microsoft Security Bulletin MS12-041 - Important

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)

- https://technet.microsoft.com/en-us/security/bulletin/ms12-041

Important - Elevation of Privilege - Requires restart - Microsoft Windows

 

Microsoft Security Bulletin MS12-042 - Important

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

- https://technet.microsoft.com/en-us/security/bulletin/MS12-042

Important - Elevation of Privilege - Requires restart - Microsoft Windows

 

___

 

Certificate Trust List update...

- https://blogs.technet.com/b/msrc/archive/2012/06/12/certificate-trust-list-update-and-the-june-2012-bulletins.aspx?Redirected=true

12 Jun 2012

RSA keys under 1024 bits are blocked

- https://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx?Redirected=true

11 Jun 2012

 

Bulletin deployment priority

- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2604.June-2012-Priority.png

 

Severity and exploitability index

- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8737.June-2012-Severity.png

___

 

Microsoft Security Advisory (2719615)

Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

- https://technet.microsoft.com/en-us/security/advisory/2719615

June 12, 2012

0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 - 9.3 (HIGH)

> http://support.microsoft.com/kb/2719615#FixItForMe

 

Microsoft Security Advisory (2269637)

Insecure Library Loading Could Allow Remote Code Execution

- https://technet.microsoft.com/en-us/security/advisory/2269637

• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."

___

 

ISC Analysis

- https://isc.sans.edu/diary.html?storyid=13453

Last Updated: 2012-06-12 17:45:41 UTC

___

 

MSRT

- http://support.microsoft.com/?kbid=890830

June 12, 2012 - Revision: 103.0

(Recent additions)

- http://www.microsoft.com/security/pc-security/malware-families.aspx

... added this release...

• Cleaman

• Kuluoz

 

Download:

- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16

File Name: Windows-KB890830-V4.9.exe - 15.5 MB

- https://www.microsoft.com/download/en/details.aspx?id=9905

x64 version of MSRT:

File Name: Windows-KB890830-x64-V4.9.exe - 16.1 MB

 

.

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003

- http://support.microsoft.com/kb/2686509#FixItForMeAlways

Last Review: June 19, 2012 - Revision: 4.0 - "... If you receive the "0x8007F0F4" error when you try to install this security update, check to see if the %windir%\FaultyKeyboard.log file was created on the computer...

Known issues with this security update: In some scenarios, the %windir%\FaultyKeyboard.log file might not have been created on your computer. If the file was not created, follow these steps: To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard..."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0181 - 10.0 (HIGH)

 

:ph34r: :!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

MS12-037 exploit in-the-wild

- http://nakedsecurity.sophos.com/2012/06/19/ie-remote-code-execution-vulnerability-being-actively-exploited-in-the-wild/

June 19, 2012 - "A critical Internet Explorer vulnerability, announced and patched by Microsoft in June's Patch Tuesday, is being exploited in the wild. The vulnerability is CVE-2012-1875*... patched in MS12-037**... Cunningly-crafted JavaScript code - which can be embedded in a web page to foist the exploit on unsuspecting vistors - is circulating freely on the internet. Also, the Metasploit exploitation framework now has a plug-in module which will generate malicious JavaScript for you on-the-fly to help you automate an attack... response is easy: if you haven't patched already, do so right away..."

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1875 - 9.3 (HIGH)

 

Cumulative Security Update for Internet Explorer (2699988) - Critical

** https://technet.microsoft.com/en-us/security/bulletin/ms12-037

June 12, 2012

 

- http://www.symantec.com/connect/blogs/cve-2012-1875-wild-part-2-internet-explorer-gets-stumped

19 Jun 2012

 

- http://atlas.arbor.net/briefs/index#-1257954642

Severity: Elevated Severity

Source: http://www.symantec.com/connect/blogs/cve-2012-1875-exploited-wild-part-1-trojannaid

18 Jun 2012

___

 

- https://www.us-cert.gov/cas/techalerts/TA12-174A.html

June 22, 2012

> http://support.microsoft.com/kb/2686509#FixItForMeAlways

 

:grrr::ph34r: :ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

WSUS KB 272011: Common issues encountered and how to fix them

- https://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx?Redirected=true

20 Jun 2012

 

An update for Windows Server Update Services 3.0 SP2 is available

- http://support.microsoft.com/kb/2720211

Last Review: June 18, 2012 - Revision: 6.0

 

 

Thanks to Susan Bradley!

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

IE9 may stop responding if DFX Audio Enhancer is installed

- http://support.microsoft.com/kb/2727797/

Last Review: June 22, 2012 - Revision: 2.0 ...

"Consider the following scenario:

You are running Windows Internet Explorer 9.

DFX Audio Enhancer version 10 is installed on the computer.

The following security update is installed on the computer:

2699988 MS12-037: Cumulative Security Update for Internet Explorer: June 12, 2012

In this scenario, Windows Internet Explorer 9 may stop responding, or "hang."

CAUSE: This issue occurs because of an incompatibility with an earlier version of DFX Audio Enhancer...

For more information about how to obtain the latest version of DFX, go to the following third-party webpage: http://www.fxsound.com/dfx/index.php ..."

 

:( :!:

Share this post


Link to post
Share on other sites

FYI...

 

Update for Windows Update ...

- http://h-online.com/-1624979

25 June 2012 - "Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does -not- always run smoothly... Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates. On some computers, clicking the "Install Updates" button results in a failed installation with error code 80070057 or 8007041B. On heise Security's test Windows 7 computer, repeatedly attempting the update (click on "Check for updates" on the left) did eventually result in the update being successfully applied. Microsoft has provided a "Fix it" tool* for more stubborn cases in Knowledge Base Article 949104**. The update in question upgrades the Windows Update Agent from version 7.4.7600.226 to 7.6.7600.256 ..."

* Direct download: http://go.microsoft.com/?linkid=9767096

 

** http://support.microsoft.com/kb/949104

 

:ph34r::(

Share this post


Link to post
Share on other sites

FYI...

 

MS June cumulative updates have been released

- https://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2012/06/28/june-cumulative-updates-have-been-released.aspx?Redirected=true

28 Jun 2012

 

2007 Office system cumulative update for June 2012

For Excel 2007: http://support.microsoft.com/kb/2712234 ...

June 26, 2012 - "The cumulative update packages for June 2012 contain the latest hotfixes for the 2007 Microsoft Office system and for the 2007 Office servers..."

 

Office 2010 cumulative update for June 2012

For Excel 2010: http://support.microsoft.com/kb/2712235 ...

June 28, 2012 - "The cumulative update packages for June 2012 contain the latest hotfixes for the Microsoft Office 2010 system and for the Office 2010 servers..."

 

:ph34r: :!:

Share this post


Link to post
Share on other sites

FYI...

 

Installing updates for the Microsoft .NET Framework 4 can take longer than expected

- http://support.microsoft.com/kb/2570538/en-us?sd=rss&spid=548#fixit4me

Last Review: July 3, 2012 - Rev: 4.0

... CAUSE: Updates to the .NET Framework 4 require a complete regeneration of the Native Image Cache, a very time-consuming operation. For some computers, an interaction with previously installed Native Images may cause Native Image regeneration to take much longer than expected. Although this issue only affects setup times, the effect can be several minutes to tens of minutes. Computers that have more Native Images installed will see longer generation times...

To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard...

 

- http://support.microsoft.com/kb/2570538/en-us?sd=rss&spid=548#appliesto

APPLIES TO Microsoft .NET Framework 4

 

:!: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

MSRT results to date - June 2012 release ...

- https://blogs.technet.com/b/mmpc/archive/2012/07/04/cleaning-out-cleaman.aspx?Redirected=true

4 Jul 2012 - "... Since the release of the MSRT on June 12, we have removed 59,479 Win32/Cleaman threats from 56,982 computers..."

 

:ph34r:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now