Patch Tuesday critical fixes for July 2012


As always, Microsoft has released a batch of fixes for its products on the second Tuesday of the month. This month there are eight patches for Windows and one for Macintosh.

The most awaited fix is MS12-043, which closes a hole in Microsoft XML services that has been exploited in the wild for several weeks. This bug allows compromised web sites to execute malicious code on your computers, so it should be priority number one this month.

There are two other critical fixes, MS12-044 and MS12-045, both of which can result in remote code execution. MS12-044 only affects Internet Explorer 9, while MS12-045 is a bug in MDAC/WDAC which impacts all users of Internet Explorer.

The remaining patches cover vulnerabilities rated as important or moderate. After reviewing the information provided by Microsoft, I concur. Impacted products include VBA, Windows kernel, Windows shell, TLS, SharePoint and Office 2011 for Mac.

Some of these vulnerabilities are already being exploited, while others will be researched and put into action in short order. If you are one of the "wait and see" patch delayers, I encourage you to take action as quickly as possible.

Individuals should find and install these fixes using Windows Update, while users of WSUS and other patching tools should see them available now.


5 Responses to Patch Tuesday critical fixes for July 2012

  1. GMB Technologies · 784 days ago

    Thanks. Love your updates

  2. CISO · 783 days ago

    Another frustratingly terse bulletin from Microsoft. They make no mention of whether the fix-it from last month is a mitigation for the MS12-043 bulletin.

    Well done Microsoft, I've now got the option of pushing for an expedited deployment (at a huge cost) without knowing whether it's even warranted given the fix-it from last month has reached saturation, or I hold off, release in a standard cycle and expose my organisation to what could be a huge security risk. With Microsoft's patch information the way it is and the rise of cloud, no wonder my peers are pushing for OSX in the workplace.

    • Robert W. · 783 days ago

      The norm is that a 'Fix-It' or any workaround is no substitute for a security update
      which completely patches a vulnerability and/or exploit. Those might still have
      an attack vector, and are only temporary solutions.

      I always wait for the updates. Until then I'm careful about going to unknown
      websites which might have the payload, or using any links in emails from an
      unknown sender which I usually don't open anyway.

      It also helps to use some form of website checking in searches, like Sophos
      might have. I've used McAfee Site Advisor, a free program on their website.

  3. Hasan · 783 days ago

    Thank you :)
    Windows is updating...

    What is your recommendation about selecting a DNS service (such as OpenDNS)? Which is better?

    And does Sophos have a special DNS for users?

  4. Ryan · 783 days ago

    I got these updates but one failed and my screen was all red!


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.