Did you hear that? Listen carefully for the soft whooshing sound on the early autumn breeze. That’s collective sigh of relief accompanying this month’s Microsoft Patch Tuesday release. This week Microsoft released 2 patches, addressing just 2 new privilege escalation vulnerabilities, described below.
(MS12-061) Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
(MS12-062) Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
Both vulnerabilities are rated Important by Microsoft…none Critical. None can be used to deliver malicious code to an unsuspecting user. None affect desktops, or widely-deployed server applications. None have been used in targeted attacks, or disclosed in any public forums. In short, it’s the least eventful Patch Tuesday in at least 2 years. This is a welcome respite after recent critical Java patches from Oracle, as well as Reader and Flash patches from Adobe. Enjoy the tranquility.
McAfee Labs is still investigating coverage for this month’s vulns. As details become available, you’ll find them on the McAfee Threat Center.