Overview of the March 2012 Microsoft patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY (*): ISC rating
(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches. ------ |
Lenny 216 Posts Mar 13th 2012 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread locked Subscribe |
Mar 13th 2012 1 decade ago |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Just a note, KB2639308 has also started to be pushed put automatically as "important". This is a security design change. It introduces the an option for programs to force other programs to be run with ASLR, regardless of whether the second program has requested it. This is done by using IFEOs.
If you're administering Windows desktops, it looks like it will be worth learning about what IFEOs are and how they are used! Details on this design change at at http://support.microsoft.com/kb/2639308 But basically, as far as I can tell this looks like EMET (http://support.microsoft.com/kb/2458544) will shortly be updated to allow you to force ASLR in legacy applications using this method. |
Alex 19 Posts |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Mar 13th 2012 1 decade ago |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
It is being used by Internet Explorer 10.
http://blogs.msdn.com/b/ie/archive/2012/03/12/enhanced-memory-protections-in-ie10.aspx It could be useful for any application that allows third party add-ons. |
David 11 Posts |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Mar 14th 2012 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!