dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2440
share rss forum feed


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

3 recommendations

Microsoft Security Bulletin(s) for December 11, 2012

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms12-dec

Critical (5)

Microsoft Security Bulletin MS12-077
Cumulative Security Update for Internet Explorer (2761465)
»technet.microsoft.com/en-us/secu···ms12-077

Microsoft Security Bulletin MS12-078
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
»technet.microsoft.com/en-us/secu···ms12-079

Microsoft Security Bulletin MS12-080
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
»technet.microsoft.com/en-us/secu···ms12-080

Microsoft Security Bulletin MS12-081
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
»technet.microsoft.com/en-us/secu···ms12-081

Important (2)

Microsoft Security Bulletin MS12-082
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
»technet.microsoft.com/en-us/secu···ms12-082

Microsoft Security Bulletin MS12-083
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
»technet.microsoft.com/en-us/secu···ms12-083

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Microsoft® Security MVP, 2004 - 2012
DP's Security Bits


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

1 recommendation

Thanks don

TechNet Webcast: Information About the December 2012 Security Bulletin Release

Event ID: 1032522564

Language(s): English.

Product(s): computer security and information security.

Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.


Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Starts: Wednesday, December 12, 2012 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)


Presented by:

Dustin Childs, Group Manager, Trustworthy Computing, Microsoft Corporation

and

Jonathan Ness, Principal Security Development Lead, Microsoft Corporation

Register now for the December security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



MarkAW
Barry White
Premium
join:2001-08-27
Canada
kudos:16
reply to dp
Click for full size
Click for full size
Click for full size
Thanks dp See Profile and NICK ADSL UK See Profile. 9 updates for my Win 7 32bit system 10 if i let bing be installed.

art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6
reply to dp
Thanks dp....No MS Net updates....yeah!...


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

3 edits
reply to dp
said by dp:

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms12-dec

Critical (5)

Microsoft Security Bulletin MS12-077
Cumulative Security Update for Internet Explorer (2761465)
»technet.microsoft.com/en-us/secu···ms12-077

Microsoft Security Bulletin MS12-078
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
»technet.microsoft.com/en-us/secu···ms12-079

Microsoft Security Bulletin MS12-080
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
»technet.microsoft.com/en-us/secu···ms12-080

Microsoft Security Bulletin MS12-081
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
»technet.microsoft.com/en-us/secu···ms12-081

Important (2)

Microsoft Security Bulletin MS12-082
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
»technet.microsoft.com/en-us/secu···ms12-082

Microsoft Security Bulletin MS12-083
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
»technet.microsoft.com/en-us/secu···ms12-083

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

KB2779030 and KB2753842 seem to be the same updates.
The pages are confusing.

Both say MS12-078
»support.microsoft.com/kb/2753842
»support.microsoft.com/kb/2779030

And WU takes me to these for both
»technet.microsoft.com/en-us/secu···ms12-078
»technet.microsoft.com/en-us/secu···ms12-078

and I don't see KB2779030 on your list.



further reading shows KB2761226 in MS12-075 replaced by KB2779030, KB2731847 in MS12-055 replaced by KB2761226, KB2718523 in MS12-047 replaced by KB2731847, KB2709162 in MS12-041 replaced by KB2718523, KB2641653 in MS12-018 replaced by KB2709162, MS12-008 replaces MS12-018 replaces MS11-087 replaces MS11-084 and it keeps on going.

M$ has me totally confused now.

And none of mine say "critical"




FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to dp
Lots of updates today.

My Win 7 Home Premium desktop 32 bit system. A reboot was needed.
Win 7 optional patches:


Win 7 security patches:



My upgraded Win 8 Pro laptop 32 bit system. A reboot was needed.
Win 8 optional patches:


Win 8 security patches:


--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.

Merry Christmas »goo.gl/Y2AEF


ltsnow
Premium
join:2006-04-08
Valdosta, GA
kudos:1
reply to dp
Got 7 updates for XP Pro SP3, not counting MSRT. Reboot required. Looking good.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to dp
Thanks for keeping us posted, dp See Profile

A Happy & Healthy Holiday Season to you and yours ~~

Updated, as follows:

MS11-091: Description of the security update for Publisher 2003: December 13, 2011
»support.microsoft.com/kb/2553084

MS12-060: Description of the security update for Office 2003 and Office 2003 Web Components: August 14, 2012
»support.microsoft.com/kb/2726929

MS12-079: Description of the security update for Word 2003 Service Pack 3: December 11, 2012
»support.microsoft.com/kb/2760497

Microsoft Security Bulletin MS12-077 - Critical
Cumulative Security Update for Internet Explorer (2761465)
»technet.microsoft.com/en-us/secu···ms12-077

Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Microsoft Security Bulletin MS12-081 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
»technet.microsoft.com/en-us/secu···ms12-081

Microsoft Security Bulletin MS12-082 - Important
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
»technet.microsoft.com/en-us/secu···ms12-082

Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Application Compatibility Update for Windows Server 2008, Windows 7, and Windows Server 2008 R2: November 2012
»support.microsoft.com/kb/2762895

December 2012 cumulative time zone update for Windows operating systems
»support.microsoft.com/kb/2779562

The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running supported versions of Windows
»support.microsoft.com/?kbid=890830

Windows root certificate program members
»support.microsoft.com/kb/931125

An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1
»support.microsoft.com/kb/2574819

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to dp
Which Service for Win 8 is "Windows Update Installer"?

I downloaded all updates I need from Microsoft Download Center and saved them to disk. Now I am ready to install them. I clicked on the first one and got an error message that the service "Windows Update Installer" is disabled and installation cannot proceed.

I have "BITS" and "Windows Update Service" disabled in Services. Neither of those is Windows Update Installer. I manually started Windows Installer and Windows Modules Installer. But I still get the error.

I do NOT want to use Windows Update ...EVER. So, how do I install these patches that I downloaded and stored? If Microsoft is forcing one to use Windows Update, then what is the point in having Microsoft Download Center? I never got errors like this with XP Pro. I have always used Microsoft Download Center to get patches. So, that is no longer allowed? I never had to use Windows Updates to get the patches on XP or Vista.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
fwiw Mele20 See Profile disabling BITS Services, etc, may have been OK under an XP Scenario.
Best guess, short of downloading the stand-alone installers, would be to enable these services when you need to fetch these updates.
If I am understanding you correctly.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
I have the updates downloaded to disk and ready to install. I can't install them. That is the problem. The Windows Update Standalone installer won't run. I just enabled BITS but the installer still won't run.

I am vaguely recalling now threads in this forum a year or so ago about this issue and something about how Microsoft was now forcing everyone to use Windows Update even if they got the patches from Microsoft download center as I did. I think I recall saying I was happy that I no longer could get patches (because I was using Service Pack 2 not 3 for XP) and when I could still get patches for XP there was no forcing Windows Update on users.

I had forgotten about this. But now I am remembering. What I don't understand is if you have to turn on Windows Updates in order to install the updates you have manually gotten from Microsoft Download Center and saved on your hard drive then why does Microsoft Download Center exist? What is the point of it if the user is still forced to use Windows Update?

Is there another Microsoft installer I can use that is not dependent on Windows Update being enabled?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
Why the paranoid hatred of Windows Update? It can be run in a manual mode and not just automatic update mode?

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
It won't stay in manual mode.

WGA. No one could possibly want to use WU after the crap Microsoft pulled with WGA and WGA Notification. I am not and never have been a pirate. Microsoft accused me and all XP users of being pirates and forced WGA and WGA Notification.


goalieskates
Premium
join:2004-09-12
land of big

1 edit
reply to dp
Windows Update KB2753842 Will Make Some Fonts Stop Working

quote:
So what is the problem with this update? While it claims to prevent certain rogue (infected) OpenType fonts from working, it will stop all PostScript Type 1 (PFB) and all OpenType fonts containing Type 1 data from working in applications such as CorelDRAW and QuarkXpress. There may be other programs affected as well. Since this update is so new, more data is coming available all the time.
ETA: This quote is somewhat misleading. CorelDraw and Quark aren't the only programs having problems with this update; other affected programs include Adobe (Photoshop, AI) and many others.

Microsoft lists this as a security update, but they've hit a large number of industries hard, from graphics software to newspapers, etc. The only current workaround is to uninstall the update.


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI
So are home users having any font issues with KB2753842?

Wondering too why it has differing KBs for some. I see 262KB and 520KB. Why the different size?

I'm thinking about holding up on this one for a bit. Hoping my HIPS will save me if need be.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to dp
There's more information about what KB2753842 breaks. From: More Details on Windows Update KB2753842 Breaking Some Fonts
quote:
...This problem also will strike users of Adobe Flash, Serif PagePlus, FlexiSign, Microsoft Excel and Microsoft PowerPoint. Look at that list again as it breaks Microsoft's own products! I fear the list will continue to grow. ... The problem only seems to occur with OpenType fonts containing PostScript outlines. As OpenType fonts can also contain TrueType data, you may have some OpenType fonts that work and some that don't. ...
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


goalieskates
Premium
join:2004-09-12
land of big
reply to planet
said by planet:

So are home users having any font issues with KB2753842?

Definitely. It just depends on what they use.

I uninstalled it and hid it for now to keep it from coming back. It's reasonable to believe Microsoft will come up with a better solution eventually, although "when" depends on how complicated it turns out to be.