Microsoft Security Bulletins For September 2012 Released - gHacks Tech News

Yes, it is that day of the month again. Microsoft will release security updates for all of its products later today. The updates resolve issues in Microsoft Server Software and Microsoft Developer Tools only, so most Windows users won't need to install any updates on their systems. The programs that require updating are Microsoft Visual FoxPro, Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.

Both security bulletins have a maximum severity rating of important, the second highest rating after critical. Attackers can exploit the issues to elevate privileges on affected systems.

Security updates are, as usual, available via Microsoft's Windows Update service and the Microsoft Download Center.

  • MS12-061 - Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) - This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
  • MS12-062 - Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528) - This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

[Image: Microsoft security bulletin deployment priority]

[Image: Severity and exploitability index 2012]

Windows client users running Internet Explorer 10, a version of the browser limited to Windows 8 at the time of writing, will receive an update to the integrated Flash technology in the browser soon after all. Microsoft had intended to deliver the Flash update with the release of the Windows 8 operating system, which would have left users of the system vulnerable to attacks if Internet Explorer 10 was used to access Flash-based content on the Internet.

Ed Bott quotes an email statement he received from Yunsun Wee, Director of Microsoft Trustworthy Computing, in which Microsoft promises to release an update shortly.

“In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly. Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible.”

It is not really clear when the update will be released, but "shortly" indicates a release in September.

Windows administrators and users should also make sure they have read Microsoft's Security Advisory detailing changes to the minimum certificate key length in Windows with the October 9, 2012 update.





    Comments

    1. Peter (NL) said on September 11, 2012 at 7:04 pm

      I have now 5 updates ready to be installed for Windows 7 ….

      1. Martin Brinkmann said on September 11, 2012 at 7:12 pm

        I see those too. The Knowledge Base unfortunately does not reveal information about the first three yet.

        1. ilev said on September 12, 2012 at 9:23 am

          The Knowledge Base does reveal information about all updates:

          KB2719857:
          You cannot use an USB RNDIS device to connect to a 3G or 4G network in Windows 7 or in Windows Server 2008 R2

          KB2735855:
          Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

          KB2741355:
          You cannot start Windows Live Movie Maker 2012 when a graphics card that only supports DirectX 9 is installed on a Windows 7 or Windows Server 2008 R2-based computer

          KB2736233:
          Update Rollup for ActiveX Kill Bits

          MRT

          Defender update.

        2. Martin Brinkmann said on September 12, 2012 at 9:26 am

          Yesterday the pages were not available. Thanks for posting the descriptions.

    2. sgr said on September 11, 2012 at 8:39 pm

      For like a thousand years I was a die-hard Linux user in any and every sense, but a lot has changed after I came across this:
      http://theinvisiblethings.blogspot.ie/2011/04/linux-security-circus-on-gui-isolation.html

      Is secure Linux a fairy tale for kids? What do you say, Martin?

      Regards.

      1. ilev said on September 12, 2012 at 6:17 am

        So, you think 1 (or even 10) security problems in Linux (or OSX) are equal to 70,000 NEW viruses/trojans/keyloggers/backdoors… every day for Windows, added to 100s of Windows security problems dating back to Windows 3.1, 95, XP, NT/2000… that are still there even in Windows 8?

        1. Anonymous said on September 13, 2012 at 11:55 am

          Well, no. I’m just saying that it’s kind of scary when you learn that any stupid program with no root access can with ease get all of your keystrokes.
          Ever since, I was told to chill out as there was no risk at all when you use Linux, man. That’s why I dared to call it a fairy tale, that’s all.

          Cheers.

    3. Paul(us) said on September 11, 2012 at 11:04 pm

      Thanks a lot for your effort of assembling this month's Microsoft updates explanation.

    4. Shane said on September 11, 2012 at 11:18 pm

      I had issues with Windows updates for months. It's now come down to 2 updates:
      Update for Windows 7 for x64-based Systems (KB2719857) (Released today)
      Update for Windows 7 for x64-based Systems (KB2732487)

    5. Shane said on September 11, 2012 at 11:23 pm

      I had issues with Windows updates for months as it stopped allowing me to install any updates. It's now come down to 2 updates:
      Update for Windows 7 for x64-based Systems (KB2719857) (Released today)
      Update for Windows 7 for x64-based Systems (KB2732487)

      The error code is the same for both updates: Code 80070005
      Only once my laptop restarts, the update fails to configure and reverts.
      Can anyone help me find a solution to this? Most appreciated.

      1. Martin Brinkmann said on September 11, 2012 at 11:46 pm

        Do you have admin privileges on the account? This can be one reason for the error code.

        Alternatively, have you tried updating manually?

        https://www.microsoft.com/en-us/download/details.aspx?id=30521

        1. Shane said on September 12, 2012 at 8:51 am

          I have admin privileges on my account, and when I try updating KB2719857 manually I get the same issue.

          However, when I tried https://www.microsoft.com/en-us/download/details.aspx?id=30521
          to download the update KB2732487, it tells me Validation Required.
          When I download and run Windows Genuine Advantage it says the tools no longer supported.

          I also found and followed all the steps for Troubleshooting Windows Update Errors, but step 8 also says Validation Required. When I re-download and run Windows Genuine Advantage it also says the tools no longer supported.

          https://www.ghacks.net/2010/12/20/microsoft-windows-update-overview-all-you-need-to-know/

    6. ilev said on September 12, 2012 at 9:03 am

      First Windows 8 and Windows server 2012 as well.

    7. kalmly said on September 12, 2012 at 3:05 pm

      Update Rollup for ActiveX Killbits for Windows XP (KB2736233)

      Windows Malicious software Removal Tool – September 2012 (KB890830)

    8. GiddyUpGo said on September 12, 2012 at 5:13 pm

      I always download the updates, save and then install them. But with this month's updates I also get the “When i download and run Windows Genuine Advantage it says the tools no longer supported” when I try to Validate, as Shane reported.
      Updated by the Site worked OK, just could not validate the updates so I could download them.

    9. Jack said on September 12, 2012 at 5:27 pm

      Interesting when downloading the Update Rollup for ActiveX Killbits (KB2736233) to an XP Pro based system that it says in the registry verification: Updates\WindowsXP\SP4\2736233

      Does this mean, I wonder, that we may finally get the long overdue Service Pack 4 for XP in a series of ‘Rollups’ before they finally kill off support for we merry band of XP users?
