
NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

7 recommendations

Microsoft out-of-band security bulletin September 21, 2012


Microsoft Security Bulletin MS12-063 - Critical

Cumulative Security Update for Internet Explorer (2744842)

Published: Friday, September 21, 2012

Version: 1.0

General Information

Executive Summary

This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2757760.
»technet.microsoft.com/en-us/secu···/2757760

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Known Issues. None

»technet.microsoft.com/en-us/secu···ms12-063
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

2 recommendations

TechNet Webcast: Microsoft Out of Band Security Release

Event ID: 1032529852

Starts: Friday, September 21, 2012 12:00 PM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Language(s): English.

Product(s): computer security and information security.

Audience(s): IT Decision Maker, IT Implem_Infrastructure Spec, IT Implem_IT Generalist and IT Manager.

Presentation and Q&A regarding the September 2012 Out-of-Band Security bulletin Release.

Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

Andrew Gross, Senior Security Program Manager, Microsoft Corporation


Register now for the September OUT OF BAND security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

1 recommendation

reply to NICK ADSL UK
Thank you Nick


onDvine
Don't Litter. Spay-Neuter.
Premium
join:2005-01-29
So. CA, USA
kudos:9

1 recommendation

reply to NICK ADSL UK
Muchas gracias, Nick!


Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:2

1 recommendation

reply to NICK ADSL UK
Thanks Nick.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5

1 recommendation

reply to NICK ADSL UK
Fun Friday! So far so good on my 64-bit W7 HPE (IE8) and XP SP3 (IE6) machines.

I wonder if we get any other updates for this coming Tuesday (it does happen :P).


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

2 recommendations

reply to NICK ADSL UK
MS12-063 applied.
Undid MS Fix-It 2744842 as most are but not necessary for those that want to patch and run


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA

1 recommendation

reply to NICK ADSL UK
Thanks. I manually ran Windows Update and got the update for IE8. I did have to restart in Windows XP SP3. I did not notice whether a restart would be required in Windows 7. The Win 7 systems are set to auto update, but one has to stay up all the time, though a restart overnight will not hurt things.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.

nonymous
Premium
join:2003-09-08
Glendale, AZ
reply to NICK ADSL UK
Think that is what my University just sent out an email about. So is it that critical as usually they don't care.


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

1 edit

1 recommendation

reply to NICK ADSL UK
Got 'em and applied for win7x64 and two XPproSP3 machines, one Vbox virtual and one physical. Restarts required on all. No problems.

I noticed that the update file for win7 running IE9 was well over twice the size of that for the XP boxen running IE8.




(XP's update was around 10MB IIRC)

Thanks!
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

reply to rcdailey
Thanks, Nick.

said by rcdailey:

Thanks. I manually ran Windows Update and got the update for IE8. I did have to restart in Windows XP SP3. I did not notice whether a restart would be required in Windows 7.

Updated on Win 7 - restart required.

said by siljaline:

Undid MS Fix-It 2744842

It is not necessary to undo/remove the Fix It patch before applying this update.
--
Gladiator Security Forum: www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

I said:
quote:
Undid MS Fix-It 274482 as most are but not "necessary"
For those that want to patch and run. Whichever way works best for the user is fine, either way.



Boricua
Premium
join:2002-01-26
Sacramuerto
reply to NICK ADSL UK
Just got mine earlier today. Patched and a restart required.


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to NICK ADSL UK
Applied IE9 patch to 2 Win7 32 bit Home Premium systems. A reboot was needed. Everything running OK so far.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to NICK ADSL UK
Got it for Win7-64-bit and WinXP-32bit. Thanks!


lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2

1 recommendation

reply to NICK ADSL UK
Thanks Nick.


ltsnow
Premium
join:2006-04-08
Valdosta, GA
kudos:1

1 recommendation

reply to NICK ADSL UK
Thanks Nick. Patched XP Pro SP3 and then a reboot. All is good.


norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to NICK ADSL UK
Thanks for the heads up, however 3 were applied here on Win 7 x64.

• Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688)
• Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430)
• Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2744842)
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


Jrb2
Premium
join:2001-08-31
kudos:3

1 recommendation

reply to NICK ADSL UK
Thanks much Nick!
Got it on XP-home SP3 (just logged on after a long day).
Reboot required.


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA

1 recommendation

reply to chachazz
Thanks for the info on Win7. Three systems will require restart, plus an XP Pro SP3 system. I guess I should have gone there today, but I am going tomorrow anyway, so I can check on the status of the update(s).
--
It is easier for a camel to put on a bikini than an old man to thread a needle.


HotRodFoto
Premium
join:2003-04-19
Denver, CO
reply to NICK ADSL UK
I am getting this, any ideas??? Can't install it


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by HotRodFoto:

I am getting this, any ideas???

Have you tried rebooting?
--
Don't feed trolls--it only makes them grow!


HotRodFoto
Premium
join:2003-04-19
Denver, CO
said by StuartMW:

said by HotRodFoto:

I am getting this, any ideas???

Have you tried rebooting?

odd, did that and seemed to have fixed it. No idea what was going on
--
Capturing the images of Colorado
»jdebordphoto.com


norwegian
Premium
join:2005-02-15
Outback
reply to HotRodFoto

Re: Microsoft out-of-band security bulletin September 21, 2012

said by HotRodFoto:

I am getting this, any ideas??? Can't install it

It's a bit misleading because it can mean 2 things

1. Quite literally the update failed, or my favorite;
2. The installer tried adding the files to the O/S while in use and failed instead of alerting you to reboot.

I've seen a few errors like that where a reboot fixed it. Not sure why that specific red alert though, very few failed again after a reboot. However there has been an update or 2 recently that ended in an endless loop with that error.

If a reboot fixed it, I'd just move on. You can however always check the files in question by looking at the versions to see if the update was applied correctly?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
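
One way to run the check described in the post above, added here as an example and not written by anyone in the thread: it reports whether KB2744842 is listed as installed, whether Windows still has a reboot pending, and the on-disk version of an Internet Explorer file. The choice of mshtml.dll as the file to inspect is an assumption (the thread names no files), and the script assumes PowerShell 2.0 or later is present.

```powershell
# Added example (not from the thread). Requires PowerShell 2.0 or later.
$kb = 'KB2744842'   # KB number from the MS12-063 bulletin title

function Test-PendingReboot {
    # Markers Windows leaves when an installer could not replace in-use files
    # and deferred the work to the next restart.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    foreach ($key in $keys) {
        if (Test-Path $key) { return $true }
    }
    # Queued file renames are the older mechanism for the same situation.
    $sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    return [bool]($sm -and $sm.PendingFileRenameOperations)
}

# Match on prefix: some systems list IE updates with a suffix after the KB number.
$hotfix = Get-HotFix | Where-Object { $_.HotFixID -like "$kb*" } | Select-Object -First 1

# Assumption: mshtml.dll (the IE rendering engine) is used as the file to inspect.
# The expected version is not hard-coded because the thread does not give it.
$dll = Join-Path $env:SystemRoot 'System32\mshtml.dll'
$dllVersion = if (Test-Path $dll) { (Get-Item $dll).VersionInfo.FileVersion } else { 'not found' }

New-Object PSObject -Property @{
    Update            = $kb
    ListedAsInstalled = [bool]$hotfix
    RebootPending     = (Test-PendingReboot)
    MshtmlFileVersion = $dllVersion
}
```

A result with `ListedAsInstalled` false and `RebootPending` true matches the second case in the post (files in use, restart needed); the reported file version can be compared against the file information Microsoft publishes for the update.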



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to norwegian
said by norwegian:

• Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688)
• Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430)

You are aware that those other updates are not new to Windows Update?
They came out quite a long time ago.
I installed them over two months ago after re-installing Windows 7... but it appears they were deployed on Windows Update in between 2008 and 2011.
»technet.microsoft.com/en-us/secu···ms08-069
»support.microsoft.com/kb/973688
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to HotRodFoto
Based on your screenshot and a query of MS Answers, it seems to be a common problem.
»answers.microsoft.com/en-us/Sear···on=false


norwegian
Premium
join:2005-02-15
Outback
reply to Dustyn
said by Dustyn:

You are aware that those other updates are not new to Windows Update?
They came out quite a long time ago.

Who knows why? I have updates checked regularly and set to automatic.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable
reply to HotRodFoto
said by HotRodFoto:

said by StuartMW:

said by HotRodFoto:

I am getting this, any ideas???

Have you tried rebooting?

odd, did that and seemed to have fixed it. No idea what was going on

Computers and electronics do weird things sometimes. Reboots usually fix them!
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

reply to NICK ADSL UK
Microsoft Could Have Known About IE Security Flaw In Advance
quote:
It has been suggested that Microsoft knew about the recent IE security flaw which hit its Internet Explorer browser last week, almost two months before it came to the attention of the experts.

On 15 September, Microsoft acknowledged that an IE security flaw was being actively targeted for attacks using a previously unknown and unpatched vulnerability, after it was identified by Romang, a security researcher from the Metasploit project.

The vulnerability was present in Internet Explorer 9 and earlier versions. According to Microsoft, it “could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.” An attacker who successfully exploited this vulnerability “could gain the same user rights as the current user.”