Patch Tuesday Valentine's 2012

Filed Under: Featured, Microsoft, Vulnerability

Valentine from Mrs. W.Guess what time it is, poets, lovers and dreamers? Yup! Valenpatch Tuesday, er, maybe Patch Tinesday?

Microsoft is showing a lot of love for Windows by serving up nine bulletins this month. This is the first time I recall seeing Windows XP have fewer fixes released than Windows 7. Will this be a new pattern going forward?

Microsoft considers four of these critical and SophosLabs agrees, assigning MS12-016, MS12-013, MS12-010 and MS12-008 a high rating.

MS12-008 is a kernel driver vulnerability that could lead to remote code execution, MS12-010 is a remote execution flaw in all versions of Internet Explorer, MS12-013 is a remote code execution vulnerability in the C run-time on Windows 7/Vista/2008 and MS12-016 is a remote code execution vulnerability in Silverlight and the .NET framework.

Microsoft rated the remaining five as Important. SophosLabs agrees with two of these rating, MS12-009 and MS12-011, but considers MS12-015 to be medium and MS12-012 and MS12-014 to be high risk.

MS12-015 is a remote code execution in Visio Viewer that is triggered by a malicious Visio file, MS12-012 could allow remote code execution when opening a .icc (color profile) file on Windows 2008 and MS12-014 could allow an attacker to remotely execute code by tricking a user into loading a media file on Windows XP SP3.

As always the best practice is to apply all of these as soon as possible. If you need to prioritize, check our Microsoft's nifty chart, posted every month as part of Patch Tuesday.



Creative Commons Patch Me Valentine as a Valentine from Mrs. W.

, , , , , , , ,

You might like

10 Responses to Patch Tuesday Valentine's 2012

  1. Matthew Meraw · 944 days ago

    Great news, but how do I download the patch?

    • Mrs. W · 944 days ago

      They just went live for me on Windows Update. Try it now.

    • Jon Fukumoto · 943 days ago

      If you're using Windows 7, Windows Update should automatically check for updates, download and install them automatically.

  2. krystle · 944 days ago

    where do we get these patches from?

    • Jon Fukumoto · 943 days ago

      If you're using Windows 7, do the following: Start-->Control Panel--->Windows Update. On the screen that appears, click on Check For Updates. Windows will then check and will show how many updates were found. Click on Install and the updates will be downloaded and installed automatically.

  3. By default Windows Update should be picking the new updates in an automatic wat. If not if can allways find the on:
    http://technet.microsoft.com/en-us/security/bulle...

    • Chester Wisniewski · 943 days ago

      It sometimes takes Microsoft a day or two to roll it out automatically for all users, I believe it is simply them balancing the loads of tens of millions computers all asking at the same time.

  4. Peggy · 943 days ago

    In Explorer, draw down under Tools to Windows Update...

    • tapko · 943 days ago

      Also for XP professional 64-bit...had 8 updates...thanks for the heads up. They did not auto-update like they are suppose to. When I saw this information from Sophos I quickly updated my systems. Thank you for the heads up.

  5. Robert Wurzburg · 942 days ago

    Here is the link for Microsoft Update, which is better than Windows Update because it
    has more software updates available from it:
    http://www.update.microsoft.com/microsoftupdate/v...

    If you don't have Microsoft Update already, you will need to download and install the
    ActiveX control for use with the website, and will be prompted to do so. Save this link
    in your Favorites, and once the ActiveX control is installed, a shortcut will be placed
    in your Start menu.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.