IT administrators will have to deal with more fireworks this month with Microsoft’s Patch Tuesday. This month there are 9 patches, 3 of which are critical and 6 important. This is more than double last year’s July patches: 4 total, with only 1 critical. This puts Microsoft at 51 bulletins for 2012, about on par with 2011, which had seen 56 bulletins by this point in the year.
Looking at the bulletins, the first thing that jumps out is that they impact the entire family of products, from XP all the way to 2008. This is a strange mix of patches, impacting both legacy and current generation software with critical issues. The suggested order of priority is MS12-043, MS12-045 and MS12-044, followed by the balance of the important bulletins released this period.
Critical issues:
- MS12-043 (MSXML) Addresses 1 CVE in XML Core Services that is currently being actively exploited in IE attacks. It is rated as critical because it can provide for remote code execution. The patch is applied across the board for all current Microsoft operating systems and may require a restart. It should be noted that in June, Microsoft issued Security Advisory 2719615, which provided a “FixIt” that blocked the IE vector for the related attack.
- MS12-044 (IE) Addresses 2 CVE issues that can provide for remote code execution with Internet Explorer 9. It is rated as critical for both Vista and Windows 7 and will require a restart.
- MS12-045 (MDAC) Addresses 1 CVE issue that is critical for XP, Vista and Windows 7 but is rated only as moderate for Windows 2003 and 2008. It is important to note that while the patch is applied to the operating system, the actual vector for exploitation of the vulnerability is via Internet Explorer.
The remaining bulletins are all rated important and impact a wide range of Microsoft products.
- MS12-046 (VBA) Addresses 1 CVE issue that impacts Microsoft Office 2003, 2007 and 2010, as well as Visual Basic, and may require a restart.
- MS12-047 (KMD) Addresses 2 CVE issues that were not fully addressed with the similar patch released in May 2012.
- MS12-048 (Windows Shell) Addresses 1 CVE issue. While it can provide for remote code execution, it requires a very targeted attack vector according to Microsoft.
- MS12-049 (TLS) Addresses 1 CVE issue that could be used to facilitate a man-in-the-middle (MITM) attack vector against TLS/SSL.
- MS12-050 (SharePoint) Addresses 6 CVE issues that could provide for an escalation of privilege – most are XSS related.
- MS12-051 (Office for Mac) Addresses 1 CVE issue that could provide for an escalation of privilege.
Security Advisories
Security advisories included in July’s Patch Tuesday include one that adds additional certificates to the untrusted store (effectively revoking them) and an advisory that provides for the disabling of the Windows Vista Sidebar. This advisory addresses an issue where users can currently install “Gadgets” in Sidebar from untrusted sources. It is important to note that if you disable the Sidebar you effectively disable all installed Gadgets.
New Operating Systems
There are two new operating systems IT administrators will be dealing with soon: Apple’s OS X Mountain Lion and Microsoft’s Windows 8. Though the full impact on IT remains to be seen, you can get a jump start by reading about some of the security features for both.
Mountain Lion is a definite step forward for Apple security, with several new features that make it easier for IT to secure these machines. Whitelisting, sandboxed applications and daily updates go a long way in securing these products. You can read our full dissection of Mountain Lion’s security features here.
A new version of Windows 8 will also be out soon, with the historical security strength of Microsoft behind it. Windows 8 will also feature whitelisting and sandboxed apps, as well as a continuously running security system that starts protecting machines before the operating system is even fully booted. Read more about it here.