Overview of the December 2012 Microsoft patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.
------
-- |
John 262 Posts ISC Handler Dec 11th 2012 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread locked Subscribe |
Dec 11th 2012 9 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Given that MS12-083 is for a DirectAccess CA issue and "What systems are primarily at risk from the vulnerability?
Servers are at risk from this vulnerability." http://blogs.technet.com/b/srd/archive/2012/12/11/ms12-083-addressing-a-missing-certificate-revocation-check-in-ip-https.aspx As per that blog post, it's the direct access server that can be tricked into allowing a client into the network that should be revoked. The vulnerability is thusly only on the server side, not a client vulnerability. Yes if you use a Windows 2012 as a workstation you may be offered up this patch but unless you turn that workstation into a DA authentication server it will never be "vulnerable" to attack. I think your grid does a disservice to the risk rating on the "client side" of Server 2008 r2/Server 2012 as I read this. |
Susan 34 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Dec 12th 2012 9 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- http://technet.microsoft.com/en-us/security/advisory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available re-releases... ___ The following bulletins have undergone a major revision increment. See the appropriate bulletin for more details. - http://technet.microsoft.com/security/bulletin/MS12-043 - http://technet.microsoft.com/security/bulletin/MS12-050 - http://technet.microsoft.com/security/bulletin/MS12-057 - http://technet.microsoft.com/security/bulletin/MS12-059 - http://technet.microsoft.com/security/bulletin/MS12-060 (Thanks to Susan Bradley...) . |
Jack 160 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Dec 12th 2012 9 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The chart indicates that MS12-080 has a known exploit but does not indicate which CVE is impacted. I tried searching and can’t find the vulnerability that has the known exploit. Does anyone know which vulnerability it is (Oracle Outside In or RSS Feed)?
Thanks, Thanks, |
Jack 2 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Dec 12th 2012 9 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
I'm having problem with KB2758857. All of the other patches work fine but that one is causing some programs to crash. (MS Money most notably - yes, I know it's been sunsetted)
I get a C++ runtime error with KB2758857 installed. Removing it gets rid of the problem. Anyone else? |
Jack 1 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Dec 13th 2012 9 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Known issues with this security update•We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues. "
Per http://support.microsoft.com/kb/2753842 Official statement by Microsoft showcasing they are aware of the issue and are investigating. |
Susan 34 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Dec 15th 2012 9 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- https://technet.microsoft.com/en-us/security/bulletin/ms12-078
V2.0 (December 20, 2012): Re-released update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update need to install the rereleased update. . |
Jack 160 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Dec 21st 2012 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!