Patch Tuesday Analysis for February 2012
Today Microsoft released 9 security bulletins, 4 of them rated “critical”. When assessing these bulletins, how do you determine where to give priority? This newsletter and the accompanying chart are a good start. We recommend giving first attention to critical updates. You also want to take into account Microsoft’s Exploitability Index, paying special attention where exploit code is likely. The type of computer should also be considered: servers could make a larger impact than workstations, for example. Some organizations update laptops that users take home first, feeling that they have more time with computers that are behind a firewall and more carefully controlled. If a vulnerability is publicly disclosed and/or currently being exploited, that increases the urgency of deployment. You will also find a deployment priority chart at the MSRC blog. At times workarounds can be employed, and mitigating factors might give you a little extra time.
We recommend giving first priority to Server 2008 and 2008 R2 with MS12-013, a vulnerability in the C run-time DLL. Microsoft recommends giving top priority to MS12-010, a cumulative update for IE. Next on our list would be MS12-016, for computers running the .NET Framework. Attention should be given first to web servers and web hosting servers. MS12-008 is the fourth bulletin rated critical, and attention should be given especially to workstations and terminal servers.
A number of bulletins have been published because of insecure DLL loading vulnerabilities. Today MS12-012 and MS12-014 can be added to the list.
With the vulnerability in MS12-011, it is workstations and terminal servers that are at risk, but SharePoint Server 2010 needs to be updated to prevent cross-site scripting.
With MS12-015 only Visio Viewer 2010 is affected by the five vulnerabilities reported. The full versions of Visio are not.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS12-012 (2643719) | Arbitrary code / Windows | Servers | Yes/No | Yes | Important | Server 2008, Server 2008 R2 | | Patch after testing |
| MS12-009 (2645640) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-010 (2647516) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing |
| MS12-016 (2651026) | Arbitrary code / .Net Framework; Silverlight | Workstations, Terminal Servers, Web Servers, Web Hosting Servers | Yes/No | No | Critical | XP, Vista, Windows 7, Silverlight 4 | | Patch after testing |
| MS12-013 (2654428) | Arbitrary code / Windows | Workstations, Servers | No/No | No | Critical | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-008 (2660465) | Arbitrary code / Windows kernel mode drivers | Workstations, Terminal Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-014 (2661637) | Arbitrary code / Windows | Workstations | Yes/No | No | Important | XP | | Patch after testing |
| MS12-015 (2663510) | Arbitrary code / Office Visio | Workstations, Terminal Servers | No/No | No | Important | Visio 2010 Viewer | | Patch after testing |
| MS12-011 (2663841) | Privilege elevation / Sharepoint | Workstations, Terminal Servers | No/No | No | Important | SharePoint Foundation 2010, SharePoint Server 2010 | | Patch after testing |
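The triage criteria from the opening paragraph, applied to the chart's rows as an added example that is not part of the original newsletter. The order in which the criteria are weighed and the set of roles counted as servers are assumptions; the Exploitability Index is not in the chart and is not modeled, so the resulting order differs from the recommendation in the text.

```python
# Chart rows transcribed from this page (subset of columns):
# bulletin | system types | details public?/being exploited? | workaround? | severity
CHART = """
MS12-012 | Servers | Yes/No | Yes | Important
MS12-009 | Workstations, Terminal Servers | No/No | No | Important
MS12-010 | Workstations, Terminal Servers | No/No | No | Critical
MS12-016 | Workstations, Terminal Servers, Web Servers, Web Hosting Servers | Yes/No | No | Critical
MS12-013 | Workstations, Servers | No/No | No | Critical
MS12-008 | Workstations, Terminal Servers | Yes/No | No | Critical
MS12-014 | Workstations | Yes/No | No | Important
MS12-015 | Workstations, Terminal Servers | No/No | No | Important
MS12-011 | Workstations, Terminal Servers | No/No | No | Important
"""

# Assumption: terminal servers are workstation-class, as the chart groups them;
# only these roles count as servers for the final tie-breaker.
SERVER_ROLES = {"Servers", "Web Servers", "Web Hosting Servers"}

def parse(chart):
    """Turn the pipe-delimited chart rows into dictionaries."""
    rows = []
    for line in chart.strip().splitlines():
        bulletin, systems, status, workaround, severity = (
            cell.strip() for cell in line.split("|"))
        public, exploited = (flag == "Yes" for flag in status.split("/"))
        rows.append({
            "bulletin": bulletin,
            "systems": {s.strip() for s in systems.split(",")},
            "public": public, "exploited": exploited,
            "workaround": workaround == "Yes",
            "critical": severity == "Critical",
        })
    return rows

def priority_key(row):
    # Assumed weighting: severity, then active exploitation, then public
    # details, then lack of a workaround, then server exposure.
    return (row["critical"], row["exploited"], row["public"],
            not row["workaround"], bool(row["systems"] & SERVER_ROLES))

def triage(rows, role=None):
    """Bulletins in deployment order, optionally limited to one system type."""
    if role is not None:
        rows = [r for r in rows if role in r["systems"]]
    # sorted() is stable, so ties keep the chart's own order.
    return [r["bulletin"] for r in sorted(rows, key=priority_key, reverse=True)]

if __name__ == "__main__":
    for rank, bulletin in enumerate(triage(parse(CHART)), 1):
        print(rank, bulletin)
```
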