Microsoft released, on 13 November 2012, during its November Patch Tuesday, two updated security advisories and six security bulletins. Of the six security bulletins, four have a Critical security rating.
Microsoft Security Advisory 2269637
MSA-2269637, released in August 2010, has been updated. The security advisory concerns “Insecure Library Loading”, and the update adds a reference to MS12-074 “Vulnerabilities in .NET Framework Could Allow Remote Code Execution”.
Microsoft Security Advisory 2749655
MSA-2749655, released in October 2012, has been updated. The security advisory concerns “Compatibility Issues Affecting Signed Microsoft Binaries”, and the update modifies the reference to the KBs of the “Microsoft Office 2003 Service Pack 3” updates.
MS12-071 – Cumulative Security Update for Internet Explorer
The MS12-071 security update, classified as Critical and allowing remote code execution, fixes three privately reported vulnerabilities. CVE-2012-1538 has a 9.3 CVSS base score and was discovered and privately reported by Jose A. Vazquez of spa-s3c.blogspot.com, working with VeriSign iDefense Labs. CVE-2012-1539 has a 10.0 CVSS base score and was discovered and privately reported by Jose A. Vazquez of spa-s3c.blogspot.com, working with VeriSign iDefense Labs. CVE-2012-4775 has a 9.3 CVSS base score and was discovered and privately reported by Cheng-da Tsai (Orange), Sung-ting Tsai, and Ming-chieh Pan (Nanika) of Trend Micro.
Affected software is:
- Internet Explorer 9
MS12-072 – Vulnerabilities in Windows Shell Could Allow Remote Code Execution
The MS12-072 security update, classified as Critical and allowing remote code execution, fixes two privately reported vulnerabilities. CVE-2012-1527 has a 9.3 CVSS base score and was discovered and privately reported by Tal Zeltzer, working with VeriSign iDefense Labs. CVE-2012-1528 has a 9.3 CVSS base score and was discovered and privately reported by Tal Zeltzer, working with VeriSign iDefense Labs.
Affected software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows 8 for 32-bit Systems
- Windows 8 for 64-bit Systems
- Windows Server 2012
MS12-074 – Vulnerabilities in .NET Framework Could Allow Remote Code Execution
The MS12-074 security update, classified as Critical and allowing remote code execution, fixes five privately reported vulnerabilities. CVE-2012-1895 has a 9.3 CVSS base score and was discovered and privately reported by James Forshaw of Context Information Security. CVE-2012-1896 has a 5.0 CVSS base score and was discovered and privately reported by James Forshaw of Context Information Security. CVE-2012-2519 has a 7.9 CVSS base score and was discovered and privately reported. CVE-2012-4776 has a 9.3 CVSS base score and was discovered and privately reported by James Forshaw of Context Information Security. CVE-2012-4777 has a 9.3 CVSS base score and was discovered and privately reported by James Forshaw of Context Information Security.
Affected software:
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 1.0 Service Pack 3
- Microsoft .NET Framework 2.0 Service Pack 2
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 4
- Microsoft .NET Framework 4.5
MS12-075 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
The MS12-075 security update, classified as Important and allowing remote code execution, fixes three privately reported vulnerabilities. CVE-2012-2530 has a 7.2 CVSS base score and was discovered and privately reported. CVE-2012-2553 has a 7.2 CVSS base score and was discovered and privately reported by Matthew Jurczyk of Google Inc. CVE-2012-2897 has a 10.0 CVSS base score and was discovered and privately reported by Eetu Luodemaa and Joni Vähämäki of Documill, working with the Chromium Security Rewards Program.
Affected software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows 8 for 32-bit Systems
- Windows 8 for 64-bit Systems
- Windows Server 2012
MS12-076 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
The MS12-076 security update, classified as Important and allowing remote code execution, fixes four privately reported vulnerabilities. CVE-2012-1885 has a 9.3 CVSS base score and was discovered and privately reported by Sean Larsson, working with the iDefense VCP. CVE-2012-1886 has a 9.3 CVSS base score and was discovered and privately reported by an anonymous researcher, working with the iDefense VCP. CVE-2012-1887 has a 9.3 CVSS base score and was discovered and privately reported by an anonymous researcher, working with the iDefense VCP. CVE-2012-2543 has a 9.3 CVSS base score and was discovered and privately reported by an anonymous researcher, working with HP TippingPoint’s Zero Day Initiative.
Affected software:
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2007 Service Pack 2
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 1 (32-bit editions)
- Microsoft Office 2010 Service Pack 1 (64-bit editions)
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
- Microsoft Excel Viewer
- Microsoft Office Compatibility Pack Service Pack 2
- Microsoft Office Compatibility Pack Service Pack 3
MS12-073 – Vulnerability in Kerberos Could Allow Denial of Service
The MS12-073 security update, classified as Moderate and allowing information disclosure, fixes two vulnerabilities. CVE-2012-2531 has a 2.1 CVSS base score and was discovered and privately reported by Justin Royce of ProDX. CVE-2012-2532 has a 5.0 CVSS base score and was discovered and publicly reported.
Affected software:
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Thanks Eric! So ms12-072, 074 & 075 are the scene's new favorites 🙂