This month Microsoft have released seven (7) security bulletins of which three (3) have a maximum rating of Critical, and four (4) having a maximum rating of Important.
For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.
This new automatic updater feature provides a mechanism that allows Windows to specifically flag certificates as untrusted. With this new feature, Windows will check daily for updated information about certificates that are no longer trustworthy. In the past, movement of certificates to the untrusted store required a manual update. This new automatic update mechanism, which relies on a list of untrusted certificates known as a Disallowed Certificate Trust List (CTL), is detailed on the PKI blog. We encourage all customers to install this new feature immediately. [1]
| Bulletin | KB number | Description | Severity | Impact | Software |
|---|---|---|---|---|---|
| MS12-036 | 2685939 | Vulnerability in Remote Desktop Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS12-037 | 2699988 | Cumulative Security Update for Internet Explorer | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
| MS12-038 | 2706726 | Vulnerability in .NET Framework Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows, Microsoft .NET Framework |
| MS12-039 | 2707956 | Vulnerabilities in Lync Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Lync |
| MS12-040 | 2709100 | Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Dynamics AX |
| MS12-041 | 2709162 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| MS12-042 | 2711167 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
PATCH NOW:
* MS12-036
* MS12-037 (CVE-2012-1875 has active exploits against it according to the bulletin.)
[1.] Certificate Trust List update and the June 2012 bulletins (2012-Jun-12) [MS: MSRC]
[2.] Microsoft June 2012 Black Tuesday Update – Overview (2012-Jun-12) [SANS]
[3.] Microsoft Security Bulletin Summary for June 2012 (2012-Jun-12) [MS]
[4.] Microsoft security updates for June 2012 (2012-Jun-12) [MS]
