On a scheduled monthly patch Tuesday, Microsoft released total 9 security patches, 5 critical and 4 important, to address 26 vulnerabilities in Microsoft Windows, IE, Exchange Server, SQL Server, Server Software, Developer Tools, and Office. Microsoft highly recommends updating the following 3 critical updates first.
MS12-052 – Critical – Cumulative Security Update for Internet Explorer (2722913). This update will upgrade your IE 9 to 9.0.9 once applied.
MS12-054 – Critical – Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
MS12-060 – Critical – Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
You can also check this priority chart when planning on deploying these security patches.
The rest of the security patches are:
MS12-053 – Critical – Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
MS12-058 – Critical – Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
MS12-055 – Important – Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
MS12-056 – Important – Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)
MS12-057 – Important – Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
MS12-059 – Important – Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918)
All updates will be downloaded automatically from Microsoft Update if you have Windows Update enabled on your computer, which you always should. They can also be downloaded through Microsoft Download Center. Just doing a keyword search for “security update”.
Microsoft also pre-announced the release of Security Advisory 2661254 in October 2012 update cycle. It is the update for Minimum Certificate Key Length that changes how Windows deal with certificate that have RSA keys of less than 1024 bits in length.
You can find more information about this month’s security updates on Microsoft Security Bulletin Summary for August 2012.