Patch Tuesday Valentine's 2012


Guess what time it is, poets, lovers and dreamers? Yup! Valenpatch Tuesday, er, maybe Patch Tinesday?

Microsoft is showing a lot of love for Windows by serving up nine bulletins this month. This is the first time I recall seeing Windows XP have fewer fixes released than Windows 7. Will this be a new pattern going forward?

Microsoft considers four of these critical and SophosLabs agrees, assigning MS12-016, MS12-013, MS12-010 and MS12-008 a high rating.

MS12-008 is a kernel driver vulnerability that could lead to remote code execution, MS12-010 is a remote execution flaw in all versions of Internet Explorer, MS12-013 is a remote code execution vulnerability in the C run-time on Windows 7/Vista/2008 and MS12-016 is a remote code execution vulnerability in Silverlight and the .NET framework.

Microsoft rated the remaining five as Important. SophosLabs agrees with two of these ratings, MS12-009 and MS12-011, but considers MS12-015 to be medium and MS12-012 and MS12-014 to be high risk.

MS12-015 is a remote code execution in Visio Viewer that is triggered by a malicious Visio file, MS12-012 could allow remote code execution when opening a .icc (color profile) file on Windows 2008 and MS12-014 could allow an attacker to remotely execute code by tricking a user into loading a media file on Windows XP SP3.

As always, the best practice is to apply all of these as soon as possible. If you need to prioritize, check out Microsoft's nifty chart, posted every month as part of Patch Tuesday.



Creative Commons Patch Me Valentine as a Valentine from Mrs. W.


10 Responses to Patch Tuesday Valentine's 2012

  1. Matthew Meraw says:

    Great news, but how do I download the patch?

  2. krystle says:

    where do we get these patches from?

    • Jon Fukumoto says:

      If you're using Windows 7, do the following: Start-->Control Panel--->Windows Update. On the screen that appears, click on Check For Updates. Windows will then check and will show how many updates were found. Click on Install and the updates will be downloaded and installed automatically.

  3. @herat_less says:

    By default Windows Update should be picking the new updates in an automatic way. If not, you can always find them on:
    http://technet.microsoft.com/en-us/security/bulle...

    • Chester Wisniewski says:

      It sometimes takes Microsoft a day or two to roll it out automatically for all users, I believe it is simply them balancing the loads of tens of millions of computers all asking at the same time.

  4. Peggy says:

    In Explorer, draw down under Tools to Windows Update...

    • tapko says:

      Also for XP professional 64-bit...had 8 updates...thanks for the heads up. They did not auto-update like they are supposed to. When I saw this information from Sophos I quickly updated my systems. Thank you for the heads up.

  5. Robert Wurzburg says:

    Here is the link for Microsoft Update, which is better than Windows Update because it
    has more software updates available from it:
    http://www.update.microsoft.com/microsoftupdate/v...

    If you don't have Microsoft Update already, you will need to download and install the
    ActiveX control for use with the website, and will be prompted to do so. Save this link
    in your Favorites, and once the ActiveX control is installed, a shortcut will be placed
    in your Start menu.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski or send him an email at chesterw@sophos.com.