It’s that time again, and will be the last one to wrap around for the year 2012. On patch Tuesday today, Microsoft released 7 security bulletins, 5 in critical class and 2 in important class, addressing 12 vulnerabilities in Microsoft Windows, IE, Word, and Windows Server. For those who need to prioritize deployment, the following two critical updates, addressing remote code execution vulnerabilities in IE and Word, need to be put in place first.
MS12-077 – Critical (Internet Explorer) – Cumulative Security Update for Internet Explorer (2761465)
MS12-079 – Critical (Microsoft Word) – Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
The other 5 security bulletins include:
MS12-078 – Critical (Windows) – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
MS12-080 – Critical (Windows Servers) – Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
MS12-081 – Critical (Windows) – Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
MS12-082 – Important (Windows) – Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
MS12-083 – Important (Windows) – Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
An updated version of the Microsoft Windows Malicious Software Removal Tool is also released through both Windows Update services and the Download Center.
It’s recommended that all security updates are being updated as soon as possible. The deployment priority guidance is also recommended to those who manage large scale of network.
And for those who are interested in some interesting reading on security topics over the holiday season, Microsoft TwC team also complied and released a white paper that lays out ways to help prevent these Pass-the-Has (PtH) attaches. And you can download this guidance whitepaper called “Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques” or check out this blog post on Microsoft.