Patch Analysis for April 2012

Six security bulletins were released by Microsoft this month, and they will require admins to attend to both workstations and a variety of servers. Bulletins MS12-024, MS12-025 and MS12-026 impact servers.

A number of products use Windows Common Controls, a specific set of ActiveX controls. There are reports of limited targeted attacks, and a new version of Windows Common Controls that does not have the vulnerability is available as indicated in MS12-027.

A vulnerability exists in some products that can open Microsoft Works files. The latest Works converters are not affected. The patch offered with MS12-028 deprecates the older converter, so the product prompts you to install the latest converter. Administrators may want to consider upgrading Office 2007 SP2 to SP3, for example, and eliminate the need for a patch.

MS12-023 is a cumulative update for Internet Explorer. As can be expected, increased functionality can result in increased risk. Most of the vulnerabilities have to do with ActiveX controls and Active Scripting. One is in an option, “Print table of links”. Probably most of us never use it, but it’s there and so has to be patched. (If you want to see the option, go to File, Print, the Options tab while in IE and you will see a box that can be checked.)

The WinVerifyTrust signature validation vulnerability (MS12-024) also affects preview release versions of Windows 8. Check for known issues with this update.

Patch Tuesday Coverage Made Possible By: Lumension:  IT Secured.  Success Optimized.™


Bulletin (KB) | Exploit type / Technology affected | System types affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products affected | Notes | Randy's recommendation
--- | --- | --- | --- | --- | --- | --- | --- | ---
MS12-028 (2639185) | Arbitrary code / Office | Workstations, Terminal Servers | No / No | No | Important | Office 2007, Works 9, Works 6-9 File Converter | | Patch after testing
MS12-024 (2653956) | Arbitrary code / Windows | Workstations, Servers | No / No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing
MS12-026 (2663860) | Information disclosure / Forefront UAG | Servers | No / No | No | Important | Forefront UAG | | Patch after testing
MS12-027 (2664258) | Arbitrary code / Windows Common Controls | Workstations, Terminal Servers | No / Yes | No | Critical | Office 2003, Office 2007, Office 2010, SQL Server 2000, SQL Server 2005, SQL Server 2008, Visual Basic 6.0, Visual FoxPro 8.0, Visual FoxPro 9.0, BizTalk Server 2002, Commerce Server 2002, Commerce Server 2007, Commerce Server 2009, Commerce Server 2009 R2 | | Patch after testing
MS12-025 (2671605) | Arbitrary code / .NET Framework | Workstations, Servers, Web Hosting Servers | No / No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing
MS12-023 (2675157) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No / No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing
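As an added example (not part of the original analysis), the following PowerShell script checks a host for this month's bulletins using the KB numbers from the table above; the `$Computer` parameter and the `$bulletins` mapping are assumptions made for the example, and the comments note where the bulletin KB is not what Get-HotFix reports.

```powershell
# Added example: report which April 2012 bulletins appear installed on a host.
# Bulletin-to-KB mapping is taken from the table on this page; $Computer is an
# assumed parameter, not something the original analysis defines.
param([string]$Computer = $env:COMPUTERNAME)

# Each bulletin maps to a list of KB IDs to look for. The seed value is the
# bulletin's own KB article number from the table. Where a bulletin ships several
# per-product packages (MS12-025's .NET updates, MS12-027's per-product updates),
# the installed package carries its own KB, so append those package KBs from the
# bulletin before trusting a 'Missing' result.
$bulletins = [ordered]@{
    'MS12-023' = @('KB2675157')   # IE cumulative update
    'MS12-024' = @('KB2653956')   # WinVerifyTrust signature validation
    'MS12-025' = @('KB2671605')   # .NET Framework (add per-version package KBs)
    'MS12-026' = @('KB2663860')   # Forefront UAG (only relevant on UAG servers)
    'MS12-027' = @('KB2664258')   # Windows Common Controls (Office/VB6/SQL etc.)
    'MS12-028' = @('KB2639185')   # Works file converter
}

# Get-HotFix reads Win32_QuickFixEngineering, which records Windows-component
# updates only. Office, Works and VB6 runtime updates (MS12-027, MS12-028) do not
# appear here and must be confirmed through WSUS/SCCM or Office update inventory.
$installed = Get-HotFix -ComputerName $Computer |
    Select-Object -ExpandProperty HotFixID

foreach ($entry in $bulletins.GetEnumerator()) {
    $found = @($entry.Value | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Computer = $Computer
        Bulletin = $entry.Key
        KBsFound = ($found -join ',')
        Status   = if ($found.Count -gt 0) { 'Installed' } else { 'Missing' }
    }
}
```

Run it per host or wrap it in a loop over your server list; treat 'Missing' as a prompt to verify rather than a definitive finding for the non-Windows-component bulletins noted in the comments.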
