-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0083 Title: Microsoft Security Updates Version history: 11.07.2012 Initial publication CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 10 July 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The full list of affected components can be found at http://technet.microsoft.com/security/bulletin/ms12-jul. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative. ================================== NEW BULLETIN SUMMARY ================================== Microsoft is releasing the following nine new security bulletins for newly discovered vulnerabilities: - ---------------------------- Bulletin ID: MS12-043 Bulletin Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Affected Software: Microsoft Windows - ---------------------------- Bulletin ID: MS12-044 Bulletin Title: Cumulative Security Update for Internet Explorer (2719177) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Affected Software: Internet Explorer - ---------------------------- Bulletin ID: MS12-045 Bulletin Title: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Affected Software: Microsoft Windows - ---------------------------- Bulletin ID: MS12-046 Bulletin Title: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) Max Severity Rating: Important Vulnerability Impact: Remote Code Execution Affected Software: Microsoft Office and Visual Basic for Applications - ---------------------------- Bulletin ID: MS12-047 Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) Max Severity Rating: Important Vulnerability Impact: Elevation of Privilege Affected Software: Microsoft Windows - ---------------------------- Bulletin ID: MS12-048 Bulletin Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) Max Severity Rating: Important Vulnerability Impact: Remote Code Execution Affected Software: Microsoft Windows - ---------------------------- Bulletin ID: MS12-049 Bulletin Title: Vulnerability in TLS Could Allow Information Disclosure (2655992) Max Severity Rating: Important Vulnerability Impact: Information Disclosure Affected Software: Microsoft - ---------------------------- Bulletin ID: MS12-050 Bulletin Title: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) Max Severity Rating: Important Vulnerability Impact: Elevation of Privilege Affected Software: Microsoft InfoPath 2007, SharePoint Server 2010, Groove Server 2010, Windows SharePoint Services 3.0, SharePoint Foundation 2010, and Office Web Apps 2010. - ---------------------------- Bulletin ID: MS12-051 Bulletin Title: Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) Max Severity Rating: Important Vulnerability Impact: Elevation of Privilege Affected Software: Office for Mac 2011 ================================== NEW SECURITY ADVISORIES ================================== Microsoft published two new security advisories on July 10, 2012. Security Advisory 2728973: Unauthorized Digital Certificates Could Allow Spoofing More Information: http://technet.microsoft.com/security/advisory/2728973 Security Advisory 2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution: More Information: http://technet.microsoft.com/security/advisory/2719662 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJP/WGfAAoJEMQ9UMldbd3zzs0P/A/FIAyomTK/DzJWPFRF5k0U dts27/JDVPxs6q8q8NGUXUAcveNiqP1HzbX2rrYOQGnNVSaAzRWfxMjW6VKO6ST/ F5MCbTAIYcXIwzU0y5h8oy+HZd2nC2aWR+LqMgRkGkw5pB/zLn8N2g1xeT+VnLv4 u5pPkNsT25OO3l6ca5q6TgBnyxsFrZeJ3vE99pj7A5f5ySYe3z44RX+4nsdldTLu icRomnFXe7+GPTUuhlWbHR1XtgZc2SV10mJ8XWEm68H/TYFSdodDAcEOt9BRJHb2 ncLTXcmMRFzICrLpUANibG9zkt92KYBasQ+KB94qRCyJIpeQSg3mSntTFugjgyr5 suvlLLVf6sS5KsgtmdZ2TPL0YVletN7FNMM9HLgB6nQUQquG+XeZqGoC7PY9gXft EbW3Bs1VLJ3b62FU+Qa8FmQ6BjgOcWclsySxizOs0i63paWYHfodf4ia77mbINna DGS7XIVh/+axwoYDxKgnOhTufmfOGx+N51FWQMGv5ekN4U5lvMkzJyXn+yFd4bHp zZArongzD1sCDQsg1wmxUT6r+b20Da2LgKB87Zzuo3QM4W3iSxBzmF/Ce33TBlQO ylCPpB/rTiXGIXgWywAtLqQsScWLKhuwHm6n/a11jU9kTYNigwQjkhPUAU88sIFP Oqpu/fouEFCqK9Tt+xZl =l4bu -----END PGP SIGNATURE-----