Microsoft Security Bulletin Summary for November 2012

Blog Post created by mjc on Nov 13, 2012

Many_patches.jpgMicrosoft Security Bulletin Summary for November 2012 contains eight bulletins and patches 17 vulnerabilities. A couple of bulletinsMS12-071 and MS12-075 will need to be addressed as soon as possible.


MS12-071 is a cumulative security update for Internet Explorer 9. This will be a priority for both businesses and consumers since an attacker would be able to compromise their system if the user visits a malicious web page. MS12-071 patches three vulnerabilities in Internet Explorer 9, and Microsoft points out that exploit code is likely to be available. This means that we are likely to see attacks targeting MS12-071 added to crimeware packs such as Blackhole in the near future.


MS12-075 is a critical vulnerability that almost flies under the radar, but is probably the most important to many organizations. MS12-075 patches vulnerabilities in Windows kernel-mode drivers which could allow an attacker to execute code remotely. MS12-075 patches a vulnerability that could allow a user to be compromised by visiting a malicious webpage using TrueType font files. This means MS12-075 can work across multiple versions of Internet Explorer.


MS12-072 and MS12-074 are also both listed as critical, but due to the complexity of exploitation, I don't think they are much risk to most organizations. To launch a successful attack against either of the vulnerabilities listed requires very specific configurations and environments. I call this sort of attack scenario, "The stars must all align attack vectors".


MS12-076 patches vulnerabilities in Microsoft Excel that would allow remote code execution and allow an attacker to inherit the same privileges as the current user. This would be third on my priority list in an organization. It is fairly trivial to escalate privileges once you have user-level access, and we still see an unhealthy number of people running as administrator, in that case it's game over.


MS12-073 is a moderate vulnerability in Microsoft Internet Information Services which could lead to information disclosure. MS12-073 is the easiest to bulletin mitigate without patching since it can be mitigated by filtering inbound FTP traffic.