Microsoft Security Bulletins For September 2012 Released
Yes it is that day of the month again. Microsoft will release security updates for all of its products later today. The updates resolve issues in Microsoft Server Software and Microsoft Developer Tools only, so that most Windows users won't need to install updates at all on their systems. The programs that require updating are Microsoft Visual FoxPro, Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.
Both security bulletins have a maximum severity rating of important, the second highest rating after critical. Attackers can exploit the issues to elevate privileges on affected systems.
Security updates are as usual available via Microsoft's Windows Updating service and the Microsoft Download Center.
- MS12-061 - Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) - This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
- MS12-062 - Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528) - This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Windows client users running Internet Explorer 10, a version of the browser limited to Windows 8 at the time of writing, will receive an update to the integrated Flash technologyÂ in the browser soon after all. Microsoft had intentions to deliver the Flash update with the release of the Windows 8 operating system, which would leave users of the system vulnerable to attacks if Internet Explorer 10 was used to access Flash-based contents on the Internet.
Ed Bott quotes an email statement he received from Yunsun Wee, Director of Microsoft Trustworthy Computing, in which Microsoft promises to release an update shortly.
In light of Adobeâ€™s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly. Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobeâ€™s as possible.
It is not really clear when the update will be released, but shortly indicates a release in September.
Windows administrators and users should also make sure they have read Microsoft's Security Advisory detailing changes to theÂ minimum certificate key length in Windows with the October 9, 2012 update.Advertisement