Microsoft Security Bulletins For September 2012 Released
Yes it is that day of the month again. Microsoft will release security updates for all of its products later today. The updates resolve issues in Microsoft Server Software and Microsoft Developer Tools only, so that most Windows users won't need to install updates at all on their systems. The programs that require updating are Microsoft Visual FoxPro, Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.
Both security bulletins have a maximum severity rating of important, the second highest rating after critical. Attackers can exploit the issues to elevate privileges on affected systems.
Security updates are as usual available via Microsoft's Windows Updating service and the Microsoft Download Center.
- MS12-061 - Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) - This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
- MS12-062 - Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528) - This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Windows client users running Internet Explorer 10, a version of the browser limited to Windows 8 at the time of writing, will receive an update to the integrated Flash technology in the browser soon after all. Microsoft had intentions to deliver the Flash update with the release of the Windows 8 operating system, which would leave users of the system vulnerable to attacks if Internet Explorer 10 was used to access Flash-based contents on the Internet.
Ed Bott quotes an email statement he received from Yunsun Wee, Director of Microsoft Trustworthy Computing, in which Microsoft promises to release an update shortly.
In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly. Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible.
It is not really clear when the update will be released, but shortly indicates a release in September.
Windows administrators and users should also make sure they have read Microsoft's Security Advisory detailing changes to the minimum certificate key length in Windows with the October 9, 2012 update.
Advertisement
Interesting when downloading the Update Rollup for ActiveX Killbits (KB2736233) to Xp Pro based system that it says in the registry verification : Updates\WindowsXP\SP4\2736233
Does this mean, I wonder that we may finally get the long overdue Service Pack 4 for XP in a series of ‘Rollups’ before they finally kill off support for we merry band of XP users?
I always download the updated, save and then install them. But with this months updates I also get the “When i download and run Windows Genuine Advantage it says the tools no longer supported” when I try to Validate, as Shane reported.
Updated by the Site worked OK, just could not validate the updates so I could download them.
Update Rollup for ActiveX Killbits for Windows XP (KB2736233)
Windows Malicious software Removal Tool – September 2012 (KB890830)
First Windows 8 and Windows server 2012 as well.
I had issues with windows updates for months as it stopped allowing me to install any updates. Its now come down to 2 updates:
Update for Windows 7 for x64-based Systems (KB2719857) (Released today)
Update for Windows 7 for x64-based Systems (KB2732487)
The error code is the same for both updates: Code 80070005
Only once my laptop restarts the update fails to configure and reverts
Can anyone help me find a solution to this. Most appreciated
Do you have admin privileges on the account? This can be one reason for the error code.
Alternative, have you tried updating manually?
https://www.microsoft.com/en-us/download/details.aspx?id=30521
I have admin privileges on my account, and when I try updating KB2719857 manually I get the same issue.
However when I tried https://www.microsoft.com/en-us/download/details.aspx?id=30521
to download the update KB2732487, it tells me Validation Required.
When i download and run Windows Genuine Advantage it says the tools no longer supported.
I also found and followed all the steps for Troubleshooting Windows Update Errors, but step 8 also says Validation Required. When I re-download and run Windows Genuine Advantage it also says the tools no longer supported.
https://www.ghacks.net/2010/12/20/microsoft-windows-update-overview-all-you-need-to-know/
I had issues with windows updates for months. Its now come down to 2 updates:
Update for Windows 7 for x64-based Systems (KB2719857) (Released today)
Update for Windows 7 for x64-based Systems (KB2732487)
Thanks a lot for your effort of assembling this mounts Microsoft update’s explanation.
For like a thousand of years I was die hard Linux user in any and every sense but a lot has changed after I came across with this:
http://theinvisiblethings.blogspot.ie/2011/04/linux-security-circus-on-gui-isolation.html
Is secure Linux a fairy tale for kids? What you say Martin?
Regards.
So, you think a 1 security (or even 10) security problem in Linux (or OSX) are equal to 70,000 NEW viruses/trojan/keylogger/backdoors… every day, for Windows, added to 100s of Windows
security problems dating back to Windows 3.1, 95, xp, NT/2000.. that are still even in Windows 8 ?
Well,no. I’m just saying that it’s kind of scary when you learn that any stupid program with no root access can with ease get all of your keystrokes.
Ever since I was told to chill out as there was no risk at all when you use Linux man. That’s why I dared to call it fairy tale that’s all.
Cheers.
I have now 5 updates ready to be installed for Windows 7 ….
I see those too. The Knowledge Base unfortunately does not reveal information about the first three yet.
The Knowledge Base does reveal information about all updates :
KB2719857 :
You cannot use an USB RNDIS device to connect to a 3G or 4G network in Windows 7 or in Windows Server 2008 R2
KB2735855:
Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2
KB2741355:
You cannot start Windows Live Movie Maker 2012 when a graphics card that only supports DirectX 9 is installed on a Windows 7 or Windows Server 2008 R2-based computer
KB2736233:
Update Rollup for ActiveX Kill Bits
MRT
Defender update.
Yesterday the pages were not available. Thanks for posting the descriptions.