pro·crasti·nation n.
Adobe has released one patch for this month in addition to the out-of cycle release patch from earlier in the month.
| Bulletin | Description | Severity | Impact | Software |
|---|---|---|---|---|
| APSB12-06 | Security update: Hotfix available for ColdFusion | Denial of Service | Important | ColdFusion |
This month Microsoft have released six (6) security bulletins of which one (1) has a maximum rating of Critical, four (4) which have a maximum rating of Important, and one (1) having a maximum rating of Moderate.
Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority. [1]
| Bulletin | KB number | Description | Severity | Impact | Software |
|---|---|---|---|---|---|
| MS12-017 | 2647170 | Vulnerability in DNS Server Could Allow Denial of Service | Denial of Service | Important | Microsoft Windows |
| MS12-018 | 2641653 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| MS12-019 | 2665364 | Vulnerability in DirectWrite Could Allow Denial of Service | Denial of Service | Moderate | Microsoft Windows |
| MS12-020 | 2671387 | Vulnerabilities in Remote Desktop Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS12-021 | 2651019 | Vulnerability in Visual Studio Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Visual Studio |
| MS12-022 | 2651018 | Vulnerability in Expression Design Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Expression Design |
PATCH NOW:
MS12-020 ~ These factors make it very attractive for attackers to attempt reverse-engineering Microsoft’s MS12-020 patch to, understand the details of the bug and craft an exploit. This will likely happen sooner than 30 days. The universal applicability of the exploit and its targetability over the Internet and internal networks might motivate the creation auto-propagating worms to capture systems quickly and efficiently. [5]
Firefox v.11.0, was offered to release channel users on March 13, 2012
Fixed in Firefox 11 [4]
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll
Vulnerability ratings: 5 Critical, 3 Moderate
Evaluation: With five critical vulnerabilities, it is time to update.
