07 February 2012
Patch Tuesday January 2012

Seven shiny new patches from Microsoft to kick-start the New Year. One is “Critical” and the rest are “Important”. MS12-006 has some known issues, so be very careful when applying this patch.

2011 was very busy with patches. Let’s hope that 2012 gives us all a trouble-free year.

As usual do not forget to check updates from other manufacturers - have a look at their websites and see if any products you may use are in need of an update.

Firefox (Mozilla): www.mozilla.org/security/announce/

Adobe: www.adobe.com/support/security/

Apple: support.apple.com/kb/HT1222

Google: googlechromereleases.blogspot.com/search/label/Stable updates

The patches in the table below relate to Microsoft Operating Systems and Office software. All of the patches either need a system reboot or may need a system reboot.

As usual, these patches address fundamental issues relating to vulnerabilities in the operating system or software which could be used by attackers to compromise your systems.

A number of viruses and other malware could exploit these vulnerabilities, so leaving them unpatched is a real threat: it gives attackers the ability to compromise your systems.

Our usual advice is…

  • Ensure that the critical patches are deployed immediately to all Windows desktop and server operating systems and software, where appropriate.
  • Ensure that all anti-virus and malware-blocking software packages are fully up to date, and that properly configured firewalls are in place within your environment.
  • In addition to any Microsoft updates, look at your software portfolio and investigate and consider any updates available from the software developers.

As always, some consideration is needed in order to evaluate any risks depending on whether you have the relevant affected environment. More details on these patches are given in the table with links to the relevant Microsoft Knowledge base articles.

Table 1: Details of MS Patches released Tuesday 10/01/2012

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
|---|---|---|---|---|
| MS12-001 / KB2644615 | Software (applications) made with Visual C++ .NET 2003 can be created to get around some security features. Patch this during your next patch cycle. | Important | XP, Vista, W7, 2003, 2008, 2008 R2 | Restart Required |
| MS12-002 / KB2603381 | This flaw could allow a remote attacker to run a file to gain access. Apply during your next patch cycle. | Important | XP, 2003 | May Require a Restart |
| MS12-003 / KB2646524 | A bug in one of the core operating system files could allow someone to take control of the system. However, they would have to be logged on to the system, and it only affects systems with a Chinese, Japanese, or Korean system locale. This can wait until your next round of patching. | Important | XP, Vista, 2003, 2008 | Restart Required |
| MS12-004 / KB2636391 | A cleverly crafted media file could allow a remote attack. Because of the popularity of the media file, we recommend you patch this ASAP. | Critical | XP, Vista, W7, 2003, 2008, 2008 R2 | Restart Required |
| MS12-005 / KB2584146 | An embedded file in a Microsoft Office document could gain access to the user's system. Although Microsoft considers this “Important”, we would give it a higher rating as MS Office files are widely used. Patch this ASAP. Once the patch is installed, you will get a warning if the embedded file tries to run without the user's approval. | Important | XP, Vista, W7, 2003, 2008, 2008 R2 | May Require a Restart |
| MS12-006 / KB2643584 | This update fixes a vulnerability in SSL 3.0 and TLS 1.0 (Web Encryption). Please be aware that there are some known problems with this patch and some websites may not work after applying it. Read the knowledge base article for more details: KB2643584. Patch during your next cycle. | Important | XP, Vista, W7, 2003, 2008, 2008 R2 | Restart Required |
| MS12-007 / KB2607664 | Software using the Anti-Cross Site Scripting (AntiXSS) Library is fixed with this patch. This can wait until your next round of patching. | Important | Anti-Cross Site Scripting Library 3.X and 4.0 | May Require a Restart |

 


| Rating | Definition |
|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |
A Microsoft Certified Partner © Copyright 2009-2011 IT ServiceLink LTD A Microsoft Small Business Specialist