Microsoft August 2012 Patch Tuesday Review

Microsoft has release, the 14 August 2012, during his August Patch Tuesday, two security advisories and nine security bulletins. On the nine security bulletins six of them have a Critical security rating.

Microsoft Security Advisory 2661254

MSA-2661254 is the suite of the Flame malware attacks consequences. Microsoft allow the usage restriction of certificates with RSA keys less than 1024 bits in length. This MSA will be pushed as a security update during October 2012 Patch Tuesday, so you have two months to assess the impact of this update. We strongly recommend you to test this MSA before pushing it on all your Windows, KB-2661254 provide you known issues with this security update. For example, Internet Explorer will not allow access to a website that is secured by using an RSA certificate that has a key length of less than 1024 bits.

Microsoft Security Advisory 2737111

MSA-2737111 is dealing with vulnerabilities in third-party code, Oracle Outside In libraries, that affect Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint. These Oracle vulnerabilities were patched during July 2012 Oracle quarterly patch cycle. MS12-058 security bulletin addresses this issue for Microsoft Exchange. Also, these Oracle Outside In vulnerabilities have been publicly disclosed.

MS12-052 – Cumulative Security Update for Internet Explorer

MS12-052 security update, classified as Critical, allowing remote code execution, is the fix for four privately reported vulnerabilities. CVE-2012-1526 has a CVSS base score of 9.3 and was discovered and privately reported by GWSlabs. CVE-2012-2521 has a CVSS base score of 9.3 and was discovered and privately reported by Derek Soeder. CVE-2012-2522 has a CVSS base score of 9.3 and was discovered and privately reported by Sung-ting Tsai and Ming-Chieh Pan of Trend MicroCVE-2012-2523 has a CVSS base score of 9.3 ans was discovered and privately reported by Cris Neckar of Google’s Chrome Security Team.

MS12-053 – Vulnerability in Remote Desktop Could Allow Remote Code Execution

MS12-053 security update, classified as Critical, allowing remote code execution, is fixing one vulnerability CVE-2012-2526. This vulnerability has a CVSS base score of 9.3 and was discovered and privately reported by Edward Torkington.

MS12-054 – Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution

MS12-054 security update, classified as Critical, allowing remote code execution, is fixing four privately reported vulnerabilities. All these vulnerabilities were reported by Yamata Li. CVE-2012-1850 has a CVSS base score of 5.0. CVE-2012-1851CVE-2012-1852 and CVE-2012-1853 have a CVSS base score of 10.0.

MS12-055 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

MS12-055 security update, classified as Important, allowing elevation of privilege, is fixing one vulnerability CVE-2012-2527. This vulnerability has a CVSS base score of 7.2 and was discovered and privately reported by Matthew Jurczyk of Google Inc.

MS12-056 – Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution

MS12-056 security update, classified as Important, allowing remote code execution, is fixing one vulnerability CVE-2012-2523. This vulnerability has a CVSS base score of 9.3 and was discovered and privately reported by Cris Neckar of Google’s Chrome Security Team.

MS12-057 – Vulnerability in Microsoft Office Could Allow Remote Code Execution

MS12-057 security update, classified as Important, allowing remote code execution, is fixing one vulnerability CVE-2012-2524. This vulnerability has a CVSS base score of 9.3 and was discovered and privately reported by Andrei Costin.

MS12-058 – Vulnerabilities in Microsoft Exchange ServerWebReady Document Viewing Could Allow Remote Code Execution

MS12-049 security update, classified as Critical, allowing remote code execution, is fixing 13 vulnerabilities discovered in third-party code Oracle Outside In librairies. These vulnerabilities have been publicly disclosed.

MS12-059 – Vulnerability in Microsoft Visio Could Allow Remote Code Execution

MS12-059 security update, classified as Important, allowing remote code execution, is fixing one vulnerability CVE-2012-1888. This vulnerability has a CVSS base score of 9.3 and was discovered and privately reported by Alexander Gavrun.

MS12-060 – Vulnerability in Windows Common Controls Could Allow Remote Code Execution

MS12-060 security update, classified as Critical, allowing remote code execution, is fixing one vulnerability CVE-2012-1856. This vulnerability has a CVSS base score of 9.3 and was discovered and privately reported by an unknown security researcher.