Microsoft Patch Tuesday - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Rob VandenBrink

Threat Level: green

Microsoft Patch Tuesday 2012-08-14

MS12-052
Title	Cumulative Security Update for Internet Explorer - Layout Memory Corruption Vulnerability
Replaces	MS12-037
Affected	MSIE
KB	KB2722913
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2012-1526	1

Top of page

MS12-053
Title	Vulnerability in Remote Desktop Could Allow Remote Code Execution
Replaces	MS12-036
Affected	Remote Desktop
KB	KB2723135
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2012-2526	2

Top of page

MS12-054
Title	Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution
Replaces	MS80-67, MS90-22
Affected	Windows Networking
KB	KB2733594
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2012-1850	1

Top of page

MS12-055
Title	Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevatin of Privilege
Replaces	MS12-047
Affected	Windows Kernel Mode Drivers
KB	KB2731847
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2012-2527	1

Top of page

MS12-056
Title	Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution
Replaces	MS11-031
Affected	JScript and VBScript
KB	KB2706045
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2012-3408	2

Top of page

MS12-057
Title	Vulnerability in Microsoft Office Could Allow Remote Code Execution
Replaces	MS10-105, MS11-073
Affected	Office
KB	KB2731879
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2012-2524	3

Top of page

MS12-058
Title	Vulnerability in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution
Replaces
Affected	Exchange
KB	KB2740358
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	N/A
ISC Server Rating	N/A

CVE	Exploitability
2012-2525	1

Top of page

MS12-059
Title	Vulnerability in Microsoft Visio Could Allow Remote Code Execution
Replaces	MS11-089, MS12-031
Affected	Visio
KB	KB2733918
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2012-1888	1

Top of page

MS12-060
Title	Vulnerability in Windows Common Controls Could Allow Remote Code Execution
Replaces	MS12-027
Affected	MSCOMCTL.OCX
KB	KB2720573
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2012-1856	1

Top of page

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.