Hi all,


Strap on your patching shoes…today is once again Microsoft Patch Tuesday.  This week Microsoft released 6 patches, addressing a total of 19 vulnerabilities.  4 of the 6 patches are rated Critical by Microsoft, including patches to Internet Explorer, .NET Framework, and the Windows Kernel and Shell.  The remaining patches address issues in MS Excel (Important) and IIS (Moderate).  None of this month’s vulnerabilities have been seen to be exploited in the wild.


This month’s patches include:


  • (MS12-071) Cumulative Security Update for Internet Explorer (2761451)
  • (MS12-072) Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
  • (MS12-073) Vulnerabilities in Microsoft Internet Information Services Could Allow Information Disclosure (2733829)
  • (MS12-074) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
  • (MS12-075) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
  • (MS12-076) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)


This bunch of patches is noteworthy as it includes the very first security patches to Microsoft’s shiny new OSs: Windows 8 and Windows RT.  MS12-072, -074, and -075 all affect Win 8, and -074 and -075 affect Win RT as well.  Windows RT, as you may know, is Microsoft’s OS designed for low-power devices like tablets.  These patches mark the entry of tablets into mainstream security management processes. 


Up until now, security patches have typically been delivered as part of monolithic OS upgrades for the devices.  For example, in iOS 6.0, Apple patched 197 security vulnerabilities.  iOS 6.0.1, released 43 days later, patched 4 more.  Many users never get around to upgrading their mobile device OS, either out of ignorance, or deliberately.  There’s an entire proud community stuck on iOS 5.x in order to avoid the “upgrade” to from Google Maps to Apple Maps (Google, we had no idea how much we loved you until you were gone…)  These unpatched devices are a risk to enterprises, and there is often very little that can be done about it.  Windows RT introduces a much-needed new paradigm for these devices.  It will be interesting to see how this affects adoption of Windows RT in the enterprise.


McAfee’s confirmed coverage for this month’s vulns is as follows:


  • McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 9 out of 19 vulnerabilities this month.
  • McAfee Host Intrusion Prevention is expected to provide protection against exploits of 11 out of 19 vulnerabilities this month.
  • McAfee's Network Security Platform has new signatures confirmed to protect exploits of 6 out of 19 vulnerabilities this month.
  • McAfee Application Control is confirmed to provide protection against exploits of  9 out of 19 vulnerabilities this month.
  • McAfee Vulnerability Manager and Policy Auditor will very shortly have content to assess whether your systems are exposed to any of these new vulnerabilities.


Aggregate coverage (combining host and network-based countermeasure together) is 13 out of 19.  Additional research is being performed by McAfee Labs, and coverage may improve as additional results roll in. 

As more details become available, you’ll find them on the McAfee Threat Center.


You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email, or listening to AudioParasitics, the official McAfee Labs podcast:


Happy patching!