Patch Tuesday Analysis for February 2012

Today Microsoft released 9 security bulletins, 4 of them rated “critical”. When assessing these bulletins, how do you determine where to give priority? This newsletter and the accompanying chart are a good start. We recommend giving first attention to critical updates. You also want to take into account Microsoft’s exploitability index, paying special attention where exploit code is likely. The type of computer should also be considered: servers could make a larger impact than workstations, for example. Some organizations update laptops that users take home first, feeling that they have more time with computers that are behind a firewall and more carefully controlled. If a vulnerability is publicly disclosed and/or currently being exploited, that increases the urgency of deployment. You will also find a deployment priority chart at the MSRC blog. At times workarounds can be employed, and mitigating factors might give you a little extra time.
We recommend giving first priority to Server 2008 and 2008 R2 with MS12-013, a vulnerability in the C run-time DLL. Microsoft recommends giving top priority to MS12-010, a cumulative update for IE. Next on our list would be MS12-016, for computers running the .NET Framework; attention should be given first to web servers and web hosting servers. MS12-008 is the fourth bulletin rated critical, and attention should be given especially to workstations and terminal servers.
A number of bulletins have been published because of insecure DLL loading vulnerabilities. Today MS12-012 and MS12-014 can be added to the list.
With the vulnerability in MS12-011 it is workstations and terminal servers that are at risk, but it is SharePoint Server 2010 that needs to be updated to prevent cross-site scripting.
With MS12-015 only Visio Viewer 2010 is affected by the five vulnerabilities reported. The full versions of Visio are not.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS12-012 (2643719) | Arbitrary code / Windows | Servers | Yes/No | Yes | Important | Server 2008, Server 2008 R2 | | Patch after testing |
| MS12-009 (2645640) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-010 (2647516) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing |
| MS12-016 (2651026) | Arbitrary code / .Net Framework; Silverlight | Workstations, Terminal Servers, Web Servers, Web Hosting Servers | Yes/No | No | Critical | XP, Vista, Windows 7, Silverlight 4 | | Patch after testing |
| MS12-013 (2654428) | Arbitrary code / Windows | Workstations, Servers | No/No | No | Critical | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-008 (2660465) | Arbitrary code / Windows kernel mode drivers | Workstations, Terminal Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-014 (2661637) | Arbitrary code / Windows | Workstations | Yes/No | No | Important | XP | | Patch after testing |
| MS12-015 (2663510) | Arbitrary code / Office Visio | Workstations, Terminal Servers | No/No | No | Important | Visio 2010 Viewer | | Patch after testing |
| MS12-011 (2663841) | Privilege elevation / Sharepoint | Workstations, Terminal Servers | No/No | No | Important | SharePoint Foundation 2010, SharePoint Server 2010 | | Patch after testing |
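
The triage criteria described in the opening paragraph (severity first, then public exploit details, then whether a workaround exists), applied to this chart's rows to build a per-host deployment order. This is an added example, not part of the original newsletter: the row data is transcribed from the chart, while the `triage` function, the field names and the tie-breaking order are assumptions made for illustration.

```python
from collections import namedtuple

# Rows transcribed from the chart on this page; field names are illustrative.
Row = namedtuple("Row", "bulletin severity public workaround systems products")

WS_TS = {"Workstations", "Terminal Servers"}
ALL_OS = {"XP", "Vista", "Server 2003", "Server 2008", "Server 2008 R2", "Windows 7"}
CHART = [
    Row("MS12-012", "Important", True, True, {"Servers"},
        {"Server 2008", "Server 2008 R2"}),
    Row("MS12-009", "Important", False, False, WS_TS, ALL_OS),
    Row("MS12-010", "Critical", False, False, WS_TS, ALL_OS),
    Row("MS12-016", "Critical", True, False,
        WS_TS | {"Web Servers", "Web Hosting Servers"},
        {"XP", "Vista", "Windows 7", "Silverlight 4"}),
    Row("MS12-013", "Critical", False, False, {"Workstations", "Servers"},
        {"Vista", "Server 2008", "Server 2008 R2", "Windows 7"}),
    Row("MS12-008", "Critical", True, False, WS_TS, ALL_OS),
    Row("MS12-014", "Important", True, False, {"Workstations"}, {"XP"}),
    Row("MS12-015", "Important", False, False, WS_TS, {"Visio 2010 Viewer"}),
    Row("MS12-011", "Important", False, False, WS_TS,
        {"SharePoint Foundation 2010", "SharePoint Server 2010"}),
]

SEVERITY_RANK = {"Critical": 0, "Important": 1}


def triage(role, products):
    """Return the bulletins that apply to one host, most urgent first.

    role     -- a value from the chart's "System Types Affected" column
    products -- OS and applications installed on the host
    """
    installed = set(products)
    hits = [r for r in CHART if role in r.systems and r.products & installed]
    # Assumed ordering: severity, then publicly known exploit details,
    # then bulletins without a workaround, then bulletin ID for stable output.
    hits.sort(key=lambda r: (SEVERITY_RANK[r.severity], not r.public,
                             r.workaround, r.bulletin))
    return [r.bulletin for r in hits]


if __name__ == "__main__":
    print(triage("Servers", ["Server 2008 R2"]))
    print(triage("Workstations", ["Windows 7", "Visio 2010 Viewer"]))
```

For a Server 2008 R2 host the result puts MS12-013 ahead of MS12-012, which matches the recommendation above; the chart lists no server operating systems for MS12-016, so web servers have to be matched on the .NET Framework separately.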
