Microsoft’s July 2012 Patch Tuesday: Critical Internet Explorer 9 Vulnerability Patch, Nine Security Bulletins

Microsoft has issued nine security bulletins as advanced bulletin notification for July 2012 Patch Tuesday. The nine security bulletins fixes 16 issues in the Windows operating system, Internet Explorer, Visual Basic for Applications, and Microsoft Office.

Out of the nine security bulletins of July 2012 Patch Tuesday, Microsoft has rated three of the security bulletins; MS12-043 (Microsoft XML Core Services), MS12-045 (Microsoft Data Access Components ), MS12-044 (Internet Explorer), as critical. The remaining six, MS12-046, MS12-048, MS12-047, MS12-049, MS12-050 and MS12-051 as important. Almost all the patches except one will need a system restart.

July 2012 Patch Tuesday DP

July 2012 Patch Tuesday XI

UPDATE

July 2012 Patch Tuesday Security Bulletin Overview

  • MS12-043 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479):

    This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker’s website.

  • MS12-044 Cumulative Security Update for Internet Explorer (2719177):

    This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • MS12-045 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365):

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • MS12-046 Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960):

    This security update resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • MS12-047 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523):

    This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

  • MS12-048 Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442):

    This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file or directory with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • MS12-049 Vulnerability in TLS Could Allow Information Disclosure (2655992):

    This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. All cipher suites that do not use CBC mode are not affected.

  • MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502):

    This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

  • MS12-051 Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015):

    This security update resolves one publicly disclosed vulnerability in Microsoft Office for Mac. The vulnerability could allow elevation of privilege if a malicious executable is placed on an affected system by an attacker, and then another user logs on later and runs the malicious executable. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

One of the three critical patches will address a vulnerability that affects both Windows and Internet Explorer 9. The other two critical bulletins could allow malicious users to remotely execute code on the Windows operating system.

According to Marcus Carey, security researcher at Rapid7 (via The Verge), “It doesn’t affect IE9’s predecessors, which means that it was introduced in the latest iteration of the browser. If you are running IE9, you should definitely apply this patch.”

Marcus Carey says, “Many are expecting a patch for CVE-2012-1889: a vulnerability in Microsoft XML Core Services, which is currently being exploited in the wild.” But, from the advanced bulletin notification, it’s still not clear if the CVE-2012-1889 issue will be addressed in the July 2012 Patch Tuesday release.

Coming to the six bulletins of July 2012 Patch Tuesday, rated as important, two of the bulletins patch issues in Remote Code Execution, one affecting Microsoft Office and Microsoft Developer Tools, and the other found in Windows. The next three bulletins rated important patches vulnerabilities that could have resulted in Elevation of Privilege. These bulletins addresses the issue found in Windows, Office, and Microsoft Server Software. The last bulletin, which is rated important, patches a hole in Windows that might have resulted in Information Disclosure.
If you have never heard about “Patch Tuesday,” Microsoft issues monthly security updates the second Tuesday of every month. July 2012’s Patch Tuesday will be no different.

Watch the video below for an overview of this month’s bulletins.

If Windows Update is set to Automatic Update, the latest patches will be automatically downloaded and installed without having users to do any specific actions. Users who don’t have Automatic Update enabled can check for the updates manually. If you want to update multiple machines, you can download the patches from Microsoft Download Center and deploy them. The July 2012 Security ISO will be available on Microsoft Download Center shortly.

Microsoft will as usual host a webcast to address customer questions on the security bulletins on July 11, 2012, at 11:00 AM Pacific Time (US & Canada).

You may also like...