Topic 'Re: Microsoft Security Bulletin(s) for December 11, 2012' in forum 'Security' - dslreports.com

Re: Microsoft Security Bulletin(s) for December 11, 2012

Mon, 17 Dec 2012 09:23:25 EDT

goalieskates posted :

said by planet:

So are home users having any font issues with KB2753842?

Definitely. It just depends on what they use.

I uninstalled it and hid it for now to keep it from coming back. It's reasonable to believe Microsoft will come up with a better solution eventually, although "when" depends on how complicated it turns out to be.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Sat, 15 Dec 2012 17:18:16 EDT

Blackbird posted : There's more information about what KB2753842 breaks. From: More Details on Windows Update KB2753842 Breaking Some Fonts

quote:
...This problem also will strike users of Adobe Flash, Serif PagePlus, FlexiSign, Microsoft Excel and Microsoft PowerPoint. Look at that list again as it breaks Microsoft's own products! I fear the list will continue to grow. ... The problem only seems to occur with OpenType fonts containing PostScript outlines. As OpenType fonts can also contain TrueType data, you may have some OpenType fonts that work and some that don't. ...

--
�The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.� A. de Tocqueville

Re: Microsoft Security Bulletin(s) for December 11, 2012

Sat, 15 Dec 2012 09:10:44 EDT

planet posted : So are home users having any font issues with KB2753842?

Wondering too why it has differing KBs for some. I see 262KB and 520KB. Why the different size?

I'm thinking about holding up on this one for a bit. Hoping my HIPS will save me if need be.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Thu, 13 Dec 2012 14:50:37 EDT

goalieskates posted : Windows Update KB2753842 Will Make Some Fonts Stop Working

quote:
So what is the problem with this update? While it claims to prevent certain rogue (infected) OpenType fonts from working, it will stop all PostScript Type 1 (PFB) and all OpenType fonts containing Type 1 data from working in applications such as CorelDRAW and QuarkXpress. There may be other programs affected as well. Since this update is so new, more data is coming available all the time.

ETA: This quote is somewhat misleading. CorelDraw and Quark aren't the only programs having problems with this update; other affected programs include Adobe (Photoshop, AI) and many others.

Microsoft lists this as a security update, but they've hit a large number of industries hard, from graphics software to newspapers, etc. The only current workaround is to uninstall the update.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Wed, 12 Dec 2012 05:15:28 EDT

Mele20 posted : It won't stay in manual mode.

WGA. No one could possibly want to use WU after the crap Microsoft pulled with WGA and WGA Notification. I am not and never have been a pirate. Microsoft accused me and all XP users of being pirates and forced WGA and WGA Notification.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Wed, 12 Dec 2012 04:17:11 EDT

Linklist posted : Why the paranoid hatred of Windows Update? It can be run in a manual mode and not just automatic update mode?

Re: Microsoft Security Bulletin(s) for December 11, 2012

Wed, 12 Dec 2012 03:35:30 EDT

Mele20 posted : I have the updates downloaded to disk and ready to install. I can't install them. That is the problem. The Windows Update Standalone installer won't run. I just enabled BITS but the installer still won't run.

I am vaguely recalling now threads in this forum a year or so ago about this issue and something about how Microsoft was now forcing everyone to use Windows Update even if they got the patches from Microsoft download center as I did. I think I recall saying I was happy that I no longer could get patches (because I was using Service Pack 2 not 3 for XP) and when I could still get patches for XP there was no forcing Windows Update on users.

I had forgotten about this. But now I am remembering. What I don't understand is if you have to turn on Windows Updates in order to install the updates you have manually gotten from Microsoft Download Center and saved on your hard drive then why does Microsoft Download Center exist? What is the point of it if the user is still forced to use Windows Update?

Is there another Microsoft installer I can use that is not dependent on Windows Update being enabled?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 23:12:30 EDT

siljaline posted : fwiw Mele20 disabling BITS Services, etc, may have been OK under an XP Scenario.
Best guess, short of downloading the stand-alone installers, would be to enable these services when you need to fetch these updates.
If I am understanding you correctly.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 21:01:53 EDT

Mele20 posted : Which Service for Win 8 is "Windows Update Installer"?

I downloaded all updates I need from Microsoft Download Center and saved them to disk. Now I am ready to install them. I clicked on the first one and got an error message that the service "Windows Update Installer" is disabled and installation cannot proceed.

I have "BITS" and "Windows Update Service" disabled in Services. Neither of those is Windows Update Installer. I manually started Windows Installer and Windows Modules Installer. But I still get the error.

I do NOT want to use Windows Update ...EVER. So, how do I install these patches that I downloaded and stored? If Microsoft is forcing one to use Windows Update, then what is the point in having Microsoft Download Center? I never got errors like this with XP Pro. I have always used Microsoft Download Center to get patches. So, that is no longer allowed? I never had to use Windows Updates to get the patches on XP or Vista.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 18:19:36 EDT

siljaline posted : Thanks for keeping us posted, dp :)

A Happy & Healthy Holiday Season to you and yours ~~

Updated, as follows:

MS11-091: Description of the security update for Publisher 2003: December 13, 2011
»support.microsoft.com/kb/2553084

MS12-060: Description of the security update for Office 2003 and Office 2003 Web Components: August 14, 2012
»support.microsoft.com/kb/2726929

MS12-079: Description of the security update for Word 2003 Service Pack 3: December 11, 2012
»support.microsoft.com/kb/2760497

Microsoft Security Bulletin MS12-077 - Critical
Cumulative Security Update for Internet Explorer (2761465)
»technet.microsoft.com/en-us/secu···ms12-077

Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Microsoft Security Bulletin MS12-081 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
»technet.microsoft.com/en-us/secu···ms12-081

Microsoft Security Bulletin MS12-082 - Important
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
»technet.microsoft.com/en-us/secu···ms12-082

Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Application Compatibility Update for Windows Server 2008, Windows 7, and Windows Server 2008 R2: November 2012
»support.microsoft.com/kb/2762895

December 2012 cumulative time zone update for Windows operating systems
»support.microsoft.com/kb/2779562

The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running supported versions of Windows
»support.microsoft.com/?kbid=890830

Windows root certificate program members
»support.microsoft.com/kb/931125

An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1
»support.microsoft.com/kb/2574819

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 15:07:37 EDT

ltsnow posted : Got 7 updates for XP Pro SP3, not counting MSRT. Reboot required. Looking good.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 14:24:23 EDT

Linklist posted : Lots of updates today.

My Win 7 Home Premium desktop 32 bit system. A reboot was needed.
Win 7 optional patches:
[att=1]
Win 7 security patches:
[att=2]

My upgraded Win 8 Pro laptop 32 bit system. A reboot was needed.
Win 8 optional patches:
[att=3]
Win 8 security patches:
[att=4]
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.

Merry Christmas »goo.gl/Y2AEF

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 13:57:46 EDT

Cartel posted :

said by dp:

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms12-dec

Critical (5)

Microsoft Security Bulletin MS12-077
Cumulative Security Update for Internet Explorer (2761465)
»technet.microsoft.com/en-us/secu···ms12-077

Microsoft Security Bulletin MS12-078
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
»technet.microsoft.com/en-us/secu···ms12-079

Microsoft Security Bulletin MS12-080
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
»technet.microsoft.com/en-us/secu···ms12-080

Microsoft Security Bulletin MS12-081
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
»technet.microsoft.com/en-us/secu···ms12-081

Important (2)

Microsoft Security Bulletin MS12-082
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
»technet.microsoft.com/en-us/secu···ms12-082

Microsoft Security Bulletin MS12-083
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
»technet.microsoft.com/en-us/secu···ms12-083

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

KB2779030 and KB2753842 seem to be the same updates.
The pages are confusing.

Both say MS12-078
»support.microsoft.com/kb/2753842
»support.microsoft.com/kb/2779030

And WU takes me to these for both
»technet.microsoft.com/en-us/secu···ms12-078
»technet.microsoft.com/en-us/secu···ms12-078

and I don't see KB2779030 on your list.

:(

further reading shows KB2761226 in MS12-075 replaced by KB2779030, KB2731847 in MS12-055 replaced by KB2761226, KB2718523 in MS12-047 replaced by KB2731847, KB2709162 in MS12-041 replaced by KB2718523, KB2641653 in MS12-018 replaced by KB2709162, MS12-008 replaces MS12-018 replaces MS11-087 replaces MS11-084 and it keeps on going.

M$ has me totally confused now.

And none of mine say "critical"

[att=1]

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 13:54:07 EDT

art22gg posted : Thanks dp....No MS Net updates....yeah!... :D

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 13:27:59 EDT

MarkAW posted : Thanks dp and NICK ADSL UK . 9 updates for my Win 7 32bit system 10 if i let bing be installed.

Re: Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 13:27:38 EDT

NICK ADSL UK posted : Thanks don :)

TechNet Webcast: Information About the December 2012 Security Bulletin Release

Event ID: 1032522564

Language(s): English.

Product(s): computer security and information security.

Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Starts: Wednesday, December 12, 2012 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Presented by:

Dustin Childs, Group Manager, Trustworthy Computing, Microsoft Corporation

and

Jonathan Ness, Principal Security Development Lead, Microsoft Corporation

Register now for the December security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security

Microsoft Security Bulletin(s) for December 11, 2012

Tue, 11 Dec 2012 13:01:33 EDT

dp posted : Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms12-dec

Critical (5)

Microsoft Security Bulletin MS12-077
Cumulative Security Update for Internet Explorer (2761465)
»technet.microsoft.com/en-us/secu···ms12-077

Microsoft Security Bulletin MS12-078
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
»technet.microsoft.com/en-us/secu···ms12-078

Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
»technet.microsoft.com/en-us/secu···ms12-079

Microsoft Security Bulletin MS12-080
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
»technet.microsoft.com/en-us/secu···ms12-080

Microsoft Security Bulletin MS12-081
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
»technet.microsoft.com/en-us/secu···ms12-081

Important (2)

Microsoft Security Bulletin MS12-082
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
»technet.microsoft.com/en-us/secu···ms12-082

Microsoft Security Bulletin MS12-083
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
»technet.microsoft.com/en-us/secu···ms12-083

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Microsoft� Security MVP, 2004 - 2012
DP's Security Bits