Microsoft Security Bulletin Re-Releases/Advisories

[NICK ADSL UK]

Updates to the .NET Framework 2.0 by using Windows Update may cause some .NET Framework applications to crash





Consider the following scenario:•You install an update for the Microsoft .NET Framework 2.0 by using Windows Update.
•You run a .NET Framework 2.0 application, a .NET Framework 3.0 application, or a .NET Framework 3.5 application.
•You leave the computer on which your application is running idle for some time. When the computer is idle, the native images for the .NET Framework are automatically regenerated.

continued at source

http://support.microsoft.com/kb/2677...d=rss&spid=548

[NICK ADSL UK]

Microsoft Security Bulletin(s) for march 13, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/s...letin/ms12-mar

Critical (1)

Microsoft Security Bulletin MS12-020 - Critical

Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-020

Important (4)

Microsoft Security Bulletin MS12-017 - Important

Vulnerability in DNS Server Could Allow Denial of Service (2647170)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-017

Microsoft Security Bulletin MS12-018 - Important

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-018

Microsoft Security Bulletin MS12-021 - Important

Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-021

Microsoft Security Bulletin MS12-022 - Important

Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

Published: Tuesday, March 13, 2012

Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-022

moderate (1)

Microsoft Security Bulletin MS12-019 - Moderate

Vulnerability in DirectWrite Could Allow Denial of Service (2665364)

Published: Tuesday, March 13, 2012

Version: 1.0

http://technet.microsoft.com/en-us/s...letin/ms12-019

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

Microsoft Security Bulletin(s) for April 10, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/s...letin/ms12-apr

Critical (4)

Microsoft Security Bulletin MS12-023
Cumulative Security Update for Internet Explorer (2675157)
http://technet.microsoft.com/en-us/s...letin/ms12-023

Microsoft Security Bulletin MS12-024
Vulnerability in Windows Could Allow Remote Code Execution (2653956)
http://technet.microsoft.com/en-us/s...letin/ms12-024

Microsoft Security Bulletin MS12-025
Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
http://technet.microsoft.com/en-us/s...letin/ms12-025

Microsoft Security Bulletin MS12-027
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
http://technet.microsoft.com/en-us/s...letin/ms12-027



Important (2)

Microsoft Security Bulletin MS12-026
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
http://technet.microsoft.com/en-us/s...letin/ms12-026

Microsoft Security Bulletin MS12-028
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
http://technet.microsoft.com/en-us/s...letin/ms12-028






Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 26, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-027 - Critical
* MS12-APR

Bulletin Information:
=====================

* MS12-027 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-027
- Reason for Revision: V2.0 (April 26, 2012): Added Service Pack 1
versions of SQL Server 2008 R2 to the Affected Software and
added an entry to the update FAQ to explain which SQL Server
2000 update to use based on version ranges. These are
informational changes only. There were no changes to the security
update files or detection logic. For a complete list of changes,
see the entry to the section, Frequently Asked Questions (FAQ)
Related to This Security Update.
- Originally posted: April 10, 2012
- Updated: April 26, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-APR

- http://technet.microsoft.com/security/bulletin/ms12-APR
- Reason for Revision: V2.0 (April 26, 2012): For MS12-027, added
Service Pack 1 versions of SQL Server 2008 R2 to the Affected
Software and clarified the Affected Software to show that the
update applies to all installations of Microsoft SQL Server 2000
Analysis Services Service Pack 4, as the QFE and GDR distinction
does not apply to this product. These are informational changes
only. There were no changes to the security update files or
detection logic. Because the updates have been offered correctly
since initial release, customers who have already successfully
installed the updates do not need to take any action.
- Originally posted: April 10, 2012
- Updated: April 26, 2012
- Version: 2.0

[NICK ADSL UK]

--------------------------------------------------------------------------------

Microsoft Security Bulletin Advance Notification for May 2012

Published: Thursday, May 03, 2012

Version: 1.0


This is an advance notification of security bulletins that Microsoft is intending to release on May 8, 2012.

This bulletin advance notification will be replaced with the May bulletin summary on May 8, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on May 9, 2012, at 11:00 AM Pacific Time (US & Canada). Register now for the May Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates.

[NICK ADSL UK]

Microsoft Security Bulletin(s) for May 8, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing



Today Microsoft released the following Security Bulletin(s).



Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.



Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.



Bulletin Summary:
http://technet.microsoft.com/en-us/s...letin/ms12-may



Critical (3)



Microsoft Security Bulletin MS12-029 - Critical

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/MS12-029





Microsoft Security Bulletin MS12-034 - Critical

Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-034





Microsoft Security Bulletin MS12-035 - Critical

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-035




Important (4)




Microsoft Security Bulletin MS12-030 - Important

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-030







Microsoft Security Bulletin MS12-031 - Important

Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/MS12-031







Microsoft Security Bulletin MS12-032 - Important

Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-032







Microsoft Security Bulletin MS12-033 - Important

Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

Published: Tuesday, May 08, 2012



Version: 1.0
http://technet.microsoft.com/en-us/s...letin/ms12-033








Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.



If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.



As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.



Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: May 11, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-035 - Critical
* MS12-MAY

Bulletin Information:
=====================

* MS12-035 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-035
- Reason for Revision: V2.0 (May 11, 2012): Added an entry to the
update FAQ to communicate that security update KB2656353
addresses the vulnerabilities described in this bulletin for all
supported systems running Microsoft .NET Framework 1.1
Service Pack 1, except when installed on Windows Server 2003
Service Pack 2. There were no changes to the security update
files. Customers who have successfully installed the update
do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 11, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-MAY

- http://technet.microsoft.com/security/bulletin/MS12-MAY
- Reason for Revision: V2.0 (May 11, 2012): For MS12-035,
corrected the security update number to KB2656353 for all
supported systems running Microsoft .NET Framework 1.1
Service Pack 1, except when installed on Windows Server 2003
Service Pack 2. There were no changes to the security update
files. Customers who have successfully installed the update
do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 11, 2012
- Version: 2.0

[NICK ADSL UK]

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 22, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS11-100 - Critical
* MS12-034 - Critical
* MS12-035 - Critical
* MS12-MAY


Bulletin Information:
=====================

* MS11-100 - Critical

http://technet.microsoft.com/security/bulletin/MS11-100

- Reason for Revision: V1.5 (May 22, 2012): Added entry to the
update FAQ to announce a detection change for KB2656352 for
Microsoft .NET Framework 2.0 Service Pack 2 to correct an
installation issue. This is a detection change only. There were
no changes to the security update files. Customers who have
already successfully updated their systems do not need to take
any action.
- Originally posted: December 29, 2011
- Updated: May 22, 2012
- Bulletin Severity Rating: Critical
- Version: 1.5

* MS12-034 - Critical

http://technet.microsoft.com/security/bulletin/MS12-034

- Reason for Revision: V1.2 (May 22, 2012): Added an entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to explain this revision.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS12-035 - Critical

http://technet.microsoft.com/security/bulletin/MS12-035

- Reason for Revision: V2.1 (May 22, 2012): Added entry to the
update FAQ to announce a detection change for KB2604092 for
Microsoft .NET Framework 2.0 Service Pack 2 and KB2604110 for
Microsoft .NET Framework 3.0 Service Pack 2 to correct an
installation issue. This is a detection change only. There were
no changes to the security update files. Customers who have
already successfully updated their systems do not need to take
any action.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Bulletin Severity Rating: Critical
- Version: 2.1


MS12-MAY

http://technet.microsoft.com/security/bulletin/MS12-may

- Reason for Revision: V2.1 (May 22, 2012): For MS12-034, added
footnotes for security update KB2660649 for Windows Server 2008
and Windows Server 2008 R2. There were no changes to the
security update files. Customers who have successfully
installed the update do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Version: 2.1

[NICK ADSL UK]

Update for Windows Vista/7/8 for x64-based Systems (KB2718704)

Download size: 78 KB

You may need to restart your computer for this update to take effect.

Update type: Important

Install this update to resolve an issue which requires an update to the certificate revocation list on Windows systems and to keep your systems certificate list up to date. After you install this update, you may have to restart your system.

More information:
http://support.microsoft.com/kb/2718704

Help and Support:
http://support.microsoft.com

[NICK ADSL UK]

Microsoft Security Bulletin(s) for June 12, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/s...letin/ms12-jun

Critical (3)
Microsoft Security Bulletin MS12-036
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
http://technet.microsoft.com/en-us/s...letin/ms12-036


Microsoft Security Bulletin MS12-037
Cumulative Security Update for Internet Explorer (2699988)
http://technet.microsoft.com/en-us/s...letin/ms12-037


Microsoft Security Bulletin MS12-038
Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
http://technet.microsoft.com/en-us/s...letin/ms12-038


Important (4)
Microsoft Security Bulletin MS12-039
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
http://technet.microsoft.com/en-us/s...letin/ms12-039


Microsoft Security Bulletin MS12-040
Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
http://technet.microsoft.com/en-us/s...letin/ms12-040


Microsoft Security Bulletin MS12-041
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
http://technet.microsoft.com/en-us/s...letin/ms12-041


Microsoft Security Bulletin MS12-042
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
http://technet.microsoft.com/en-us/s...letin/ms12-042



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: June 12, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-020 - Critical
* MS12-025 - Critical

Bulletin Information:
=====================

* MS12-020 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-020
- Reason for Revision: V2.0 (June 12, 2012): Bulletin rereleased to
reoffer security update KB2667402 on all supported editions of
Windows 7 and Windows Server 2008 R2. Customers using Windows 7
or Windows Server 2008 R2, including those who have already
successfully installed the update originally offered on
March 13, 2012, should install the reoffered update. See the
Update FAQ for details.
- Originally posted: March 13, 2012
- Updated: June 12, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-025 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-025
- Reason for Revision: V2.0 (June 12, 2012): Bulletin rereleased to
reoffer the update for all affected software. Customers who have
already successfully installed the update originally offered on
April 10, 2012 are encouraged to install the reoffered update.
See the Update FAQ for details.
- Originally posted: April 10, 2012
- Updated: June 12, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

[NICK ADSL UK]

Microsoft Security Bulletin(s) for July 10, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/s...letin/ms12-jul

Critical (3)

Microsoft Security Bulletin MS12-043 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-043

Microsoft Security Bulletin MS12-044 - Critical
Cumulative Security Update for Internet Explorer (2719177)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-044

Microsoft Security Bulletin MS12-045 - Critical
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-045

Important (6)

Microsoft Security Bulletin MS12-046 - Important
Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-046

Microsoft Security Bulletin MS12-047 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-047

Microsoft Security Bulletin MS12-048 - Important
Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-048

Microsoft Security Bulletin MS12-049 - Important
Vulnerability in TLS Could Allow Information Disclosure (2655992)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-049

Microsoft Security Bulletin MS12-050 - Important
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
Published: Tuesday, July 10, 2012 | Updated: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-050

Microsoft Security Bulletin MS12-051 - Important
Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-051

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 10, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS11-044 - Critical
* MS11-078 - Critical
* MS11-100 - Critical
* MS12-016 - Critical
* MS12-035 - Critical
* MS12-036 - Critical
* MS12-050 - Important
* MS12-JUL



Bulletin Information:
=====================

* MS11-044 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-044
- Reason for Revision: V1.3 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2518864 for Microsoft .NET Framework 2.0 Service Pack 2 and
Microsoft .NET Framework 3.5 Service Pack 1 to correct an
offering issue. There were no changes to the security update
files. Customers who have already successfully updated their
systems do not need to take any action.
- Originally posted: June 14, 2011
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS11-078 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-078
- Reason for Revision: V1.3 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2572073 for Microsoft .NET Framework 2.0 Service Pack 2 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: October 11, 2011
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS11-100 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-100
- Reason for Revision: V1.6 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2657424 for Microsoft .NET Framework 3.5 Service Pack 1 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: December 29, 2011
- Updated: Tuesday, July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.6

* MS12-016 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-016
- Reason for Revision: V1.3 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2633880 for Microsoft .NET Framework 2.0 Service Pack 2 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: February 14, 2012
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS12-035 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-035
- Reason for Revision: V2.2 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2604111 for Microsoft .NET Framework 3.5 Service Pack 1 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: May 08, 2012
- Updated: Tuesday, July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 2.2

* MS12-036 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-036
- Reason for Revision: V1.2 (July 10, 2012): Removed MS11-065 as
a bulletin replaced by the KB2685939 update for Windows XP
Service Pack 3, Windows XP Professional x64 Edition Service
Pack 2, Windows Server 2003 Service Pack 2, Windows Server
2003 x64 Edition Service Pack 2, and Windows Server 2003
with SP2 for Itanium-based Systems. This is an informational
change only. There were no changes to the detection logic or
the update files.
- Originally posted: June 12, 2012
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS12-050 - Important

- http://technet.microsoft.com/security/bulletin/ms12-050
- Reason for Revision: V1.1 (July 10, 2012): Downgraded the
severity rating for the SharePoint Search Scope Vulnerability,
CVE-2012-1860, from Important to Moderate for all affected
software. This is an informational change only.
- Originally posted: July 10, 2012
- Updated: July 10, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

* MS12-JUL

- http://technet.microsoft.com/security/bulletin/ms12-JUL
- Reason for Revision: V1.1 (July 10, 2012): Removed
CVE-2012-1860 from the Exploitability Index because the
vulnerability has a Moderate severity rating. Only
vulnerabilities that have a severity rating of Critical or
Important in the bulletins are included in the
Exploitability Index.
- Originally posted: July 10, 2012
- Updated: July 10, 2012
- Version: 1.1

[NICK ADSL UK]

Microsoft Security Bulletin(s) for August 14 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/s...letin/ms12-aug

Critical (5)

Microsoft Security Bulletin MS12-052
Cumulative Security Update for Internet Explorer (2722913)
http://technet.microsoft.com/en-us/s...letin/ms12-052

Microsoft Security Bulletin MS12-053
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
http://technet.microsoft.com/en-us/s...letin/ms12-053

Microsoft Security Bulletin MS12-054
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
http://technet.microsoft.com/en-us/s...letin/ms12-054

Microsoft Security Bulletin MS12-060
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
http://technet.microsoft.com/en-us/s...letin/ms12-060

Microsoft Security Bulletin MS12-058
Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
http://technet.microsoft.com/en-us/s...letin/ms12-058



Important (4)

Microsoft Security Bulletin MS12-055
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
http://technet.microsoft.com/en-us/s...letin/ms12-055

Microsoft Security Bulletin MS12-056
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)
http://technet.microsoft.com/en-us/s...letin/ms12-056

Microsoft Security Bulletin MS12-057
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
http://technet.microsoft.com/en-us/s...letin/ms12-057

Microsoft Security Bulletin MS12-059
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918)
http://technet.microsoft.com/en-us/s...letin/ms12-059


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

Microsoft Security Bulletin(s) for September 11 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/s...letin/ms12-sep

Critical (0)


Important (2)


Microsoft Security Bulletin MS12-061 - Important

Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)

Published: Tuesday, September 11, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-061



Microsoft Security Bulletin MS12-062 - Important

Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)

Published: Tuesday, September 11, 2012
http://technet.microsoft.com/en-us/s...letin/ms12-062


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

Microsoft out-of-band security bulletin September 21, 2012

Microsoft Security Bulletin MS12-063 - Critical

Cumulative Security Update for Internet Explorer (2744842)

Published: Friday, September 21, 2012

Version: 1.0


General Information

Executive Summary

This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2757760.
http://technet.microsoft.com/en-us/s...visory/2757760

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Known Issues. None

http://technet.microsoft.com/en-us/s...letin/ms12-063

[NICK ADSL UK]

Security Advisory 2755801 addresses Adobe Flash Player issues - MSRC - Site Home - TechNet Blogs:
http://blogs.technet.com/b/msrc/arch...er-issues.aspx

Today we released Security Advisory 2755801
http://technet.microsoft.com/en-us/s...visory/2755801
that
addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10
on Windows 8. The majority of customers have automatic updates enabled
and will not need to take any action because protections will be
downloaded and installed automatically. Customers who do not use
automatic updates should apply the guidance in the advisory immediately
using update management software, or by checking the Microsoft Update
service, to help ensure protection.

We recognize there has been some discussion about our update process as
it relates to Adobe Flash Player. Microsoft is committed to taking the
appropriate actions to help protect our customers and we are working
closely with Adobe to deliver quality protections that are aligned with
Adobe’s update process.

With respect to Adobe Flash Player in Internet Explorer 10, customers
can expect the following:

* On a quarterly basis when Adobe normally issues Flash Player
updates, we will coordinate on disclosure and release timing.
* When the threat landscape requires action outside of Adobe’s normal
update cadence, we will also work to align our release schedules.
For example, this may mean that in some cases we will issue updates
outside of our regular monthly security bulletin release.

As always, we recommend customers visit the Advisory for more
information and make sure the update is deployed as soon as possible to
help ensure that they are protected.

Yunsun Wee
Director
Microsoft Trustworthy Computing

[NICK ADSL UK]

Microsoft Security Bulletin(s) for October 9 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/s...letin/ms12-oct



Critical (1)
Microsoft Security Bulletin MS12-064
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
http://technet.microsoft.com/en-us/s...letin/ms12-064


Important (6)
Microsoft Security Bulletin MS12-065
Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
http://technet.microsoft.com/en-us/s...letin/ms12-065


Microsoft Security Bulletin MS12-066
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
http://technet.microsoft.com/en-us/s...letin/ms12-066

Microsoft Security Bulletin MS12-067
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
http://technet.microsoft.com/en-us/s...letin/ms12-067

Microsoft Security Bulletin MS12-068
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
http://technet.microsoft.com/en-us/s...letin/ms12-068

Microsoft Security Bulletin MS12-069
Vulnerability in Kerberos Could Allow Denial of Service (2743555)
http://technet.microsoft.com/en-us/s...letin/ms12-069

Microsoft Security Bulletin MS12-070
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
http://technet.microsoft.com/en-us/s...letin/ms12-070



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

Microsoft Security Bulletin Re-Releases - Oct. 9, 2012
Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-043 - Critical
* MS12-053 - Critical
* MS12-054 - Critical
* MS12-055 - Important
* MS12-058 - Critical
* MS12-JUL
* MS12-AUG

Bulletin Information:

* MS12-043 - Critical
http://technet.microsoft.com/security/bulletin/MS12-043

- Reason for Revision: V3.0 (October 9, 2012): Added Microsoft
XML Core Services 4.0 when installed on supported editions of
Windows 8 and Windows Server 2012 to affected software and
announced a corresponding detection change for the KB2721691
update package. Customers who have installed Microsoft XML
Core Services 4.0 on systems running Windows 8 or Windows
Server 2012 need to install the KB2721691 update to be
protected from the vulnerability described in this bulletin.
See the update FAQ for details.
- Originally posted: July 10, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 3.0

* MS12-053 - Critical
http://technet.microsoft.com/security/bulletin/MS12-053

- Reason for Revision: V2.0 (October 9, 2012): Revised bulletin
to offer the rerelease of the KB723135 update for Windows XP.
Customers need to apply the rereleased update packages to
avoid an issue with digital certificates described in
Microsoft Security Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-054 - Critical
http://technet.microsoft.com/security/bulletin/MS12-054

- Reason for Revision: V2.0 (October 9, 2012): Revised
bulletin to offer the rerelease of the KB2705219 update
for Windows XP, Windows Server 2003, Windows Vista, Windows
Server 2008, Windows 7, and Windows Server 2008 R2. Customers
need to apply the rereleased update packages to avoid an issue
with digital certificates described in Microsoft Security
Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-055 - Important
http://technet.microsoft.com/security/bulletin/MS12-055

- Reason for Revision: V2.0 (October 9, 2012): Revised
bulletin to offer the rerelease of the KB2731847 update
for Windows XP, Windows Server 2003, Windows Vista, Windows
Server 2008, Windows 7, and Windows Server 2008 R2. Customers
need to apply the rereleased update packages to avoid an
issue with digital certificates described in Microsoft
Security Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-058 - Critical
http://technet.microsoft.com/security/bulletin/MS12-058

- Reason for Revision: V2.0 (October 9, 2012): Revised bulletin
to offer the rerelease of updates for Microsoft Exchange Server
2007 Service Pack 3 (KB2756496), Microsoft Exchange Server 2010
Service Pack 1 (KB2756497), and Microsoft Exchange Server 2010
Service Pack 2 (KB2756485). Customers need to apply the
rereleased updates to avoid an issue with digital certificates
described in Microsoft Security Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-JUL
http://technet.microsoft.com/en-us/s...letin/ms12-043

- Reason for Revision: V3.0 (October 9, 2012): For MS12-043,
added Microsoft XML Core Services 4.0 when installed on
supported editions of Windows 8 and Windows Server 2012
to affected software. See the MS12-043 bulletin for details.
- Originally posted: July 10, 2012
- Updated: October 9, 2012
- Version: 3.0

* MS12-AUG
http://technet.microsoft.com/security/bulletin/ms12-JUL

- Reason for Revision: V2.0 (October 9, 2012): Bulletin
Summary revised to coincide with the rerelease of update
packages in MS12-053, MS12-054, MS12-055, and MS12-058.
Customers need to apply the rereleased update packages
to avoid an issue with digital certificates described in
Microsoft Security Advisory 2749655. See the bulletins
for more information.
- Updated: October 9, 2012
- Version: 3.0

[NICK ADSL UK]

Microsoft Security Bulletin Minor Revisions - Oct 23, 2012
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-043
* MS12-066
* MS12-OCT

Bulletin Information:
=====================

* MS12-043 - Important

http://technet.microsoft.com/security/bulletin/ms12-043
- Reason for Revision: V3.1 (October 23, 2012): Added the
KB2721691 update to the Bulletin FAQ that explains which
updates are available for Windows 8 Release Preview and
Windows Server 2012 Release Candidate.
- Originally posted: July 10, 2012
- Updated: October 23, 2012
- Bulletin Severity Rating: Critical
- Version: 3.1

* MS12-066 - Important

http://technet.microsoft.com/security/bulletin/ms12-066
- Reason for Revision: V1.3 (October 23, 2012): Added Microsoft
Windows SharePoint Services 3.0 Service Pack 3 (32-bit version)
and Microsoft Windows SharePoint Services 3.0 Service Pack 3
(64-bit version) to the Affected Software section. This is a
bulletin change only. There were no changes to the detection
logic or security update files.
- Originally posted: October 9, 2012
- Updated: October 23, 2012
- Bulletin Severity Rating: Important
- Version: 1.3

* MS12-OCT

http://technet.microsoft.com/security/bulletin/ms12-oct
- Reason for Revision: V1.3 (October 23, 2012): For MS12-066,
added Microsoft Windows SharePoint Services 3.0 Service Pack 3
(32-bit version) and Microsoft Windows SharePoint Services 3.0
Service Pack 3 (64-bit version) to the Affected Software and
Download Locations section. This is an informational change
only. There were no changes to the detection logic or security
update files.
- Originally posted: October 9, 2012
- Updated: October 23, 2012
- Version: 1.3