Patch Tuesday for April 2012
Microsoft starts out this Patch Tuesday by releasing a new version of the Malicious Software Removal Tool.
After that follow 10 security patches with the Critical severity rating. It is important to note that MS12-024 is a threat from "unauthenticated" remote attackers, while the .NET patches (MS12-025) are for "authenticated" remote attackers. .NET is always a favorite target, so keep it updated if you use it. If you don't use it, then why have it installed?
MS12-023 Cumulative update for IE
Critical for XP, Vista, and 7
Moderate for Server 2003, 2008, and 2008 R2
***Possible exploitation of machines running IE
MS12-024 Security update for Windows
Critical for XP, Vista, 7, Server 2003, Server 2008
***Unauthenticated remote attacker could compromise and gain control of system
MS12-025 Security update for .NET framework 4
Critical for XP, Vista, 7, Server 2003, Server 2008, Server 2008 R2
***An authenticated remote attacker could compromise and gain control of systems using .NET Framework 4
MS12-025 Security update for .NET framework 2.0 SP2 (Separate patches for XP/2003 vs. 2008/Vista)
Critical for XP, Server 2003, Server 2008, Vista
***An authenticated remote attacker could compromise and gain control of systems using .NET Framework 2.0 SP2
MS12-025 Security update for .NET framework 1.1 SP1 (Separate patches for Server 2003/Server 2003 R2 x86 vs XP/Vista/2008)
Critical for XP, Vista, Server 2003, Server 2003 R2 x86, Server 2008
***An authenticated remote attacker could compromise and gain control of systems using .NET Framework 1.1 SP1
MS12-025 Security update for .NET framework 3.5.1 (Two patches exist for this one)
Critical for Windows 7, Server 2008 R2
***An authenticated remote attacker could compromise and gain control of systems using .NET Framework 3.5.1
MS12-025 Security update for .NET framework 1.0 SP3
Critical for XP Tablet PC and XP Media Center
***An authenticated remote attacker could compromise and gain control of systems running .NET Framework 1.0 SP3
MS12-027 Vulnerability in Windows Common Controls
Critical for Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 original and SP1 32-bit editions, multiple versions of SQL Server, Visual FoxPro, Visual Basic, etc., etc., etc. (Yes, there is more MS software listed that IS affected than IS NOT).
***Remote code execution could be achieved if a user visits a specially crafted website
MS12-026 Vulnerability in Microsoft Office
Important for Office 2007 SP2, Works 9, Works file converter 6-9
***Remote code execution possible if a user opens a specially crafted Works document; exploit limited to the rights of the current user (use least privilege, folks; or just don't use Works documents altogether :-)