-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0141

Title: Microsoft Security Updates

Version history:
12.12.2012 Initial publication

CERT-EU has received  notification from Microsoft on a number of new
security updates which have been released on the 12 December 2012.

This advisory is intended to help you plan for the deployment of these
security updates more effectively.  Please note that the list of
affected software shown below is an abstract. The full list of affected
components can be found at
http://technet.microsoft.com/security/bulletin/MS12-dec.

Microsof's security content posted to the web is occasionally updated to
reflect late-breaking information. If this results in an inconsistency
between the information here and the information in Microsoft's
web-based security content, the information in Microsoft's web-based
security content is authoritative.

==================================
NEW SECURITY BULLETINS
==================================
Bulletin ID: MS12-077
Bulletin Title: Cumulative Security Update for Internet Explorer (2761465) 
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Restart required
Affected Software: Internet Explorer on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

=================================
Bulletin ID: MS12-078
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Restart required
Affected Software: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

=================================
Bulletin ID: MS12-079
Bulletin Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Word 2003, Word 2007, Word 2010, Word Viewer, Office Compatibility Pack, SharePoint Server 2010, and Office Web Apps 2010.
=================================
Bulletin ID: MS12-080
Bulletin Title: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Exchange Server 2007 and Exchange Server 2010.

=================================
Bulletin ID: MS12-081
Bulletin Title: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Restart required
Affected Software: Affected Software: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

=================================
Bulletin ID: MS12-082
Bulletin Title: Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Restart required
Affected Software: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.

=================================
Bulletin ID: MS12-083
Bulletin Title: Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass
Restart Requirement: Restart required
Affected Software: Windows Server 2008 R2 and Windows Server 2012.

==================================
NEW SECURITY ADVISORIES
==================================
Microsoft published two new security advisories on December 11, 2012.
Here is an overview of these new security advisories:

Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Affected Software:
- - Windows 8 for 32-bit Systems > 	Adobe Flash Player in Internet Explorer 10
- - Windows 8 for 64-bit Systems > 	Adobe Flash Player in Internet Explorer 10
- - Windows Server 2012 > 	Adobe Flash Player in Internet Explorer 10
- - Windows RT >	Adobe Flash Player in Internet Explorer 10

Executive Summary:
- - Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. 
More Information:
http://technet.microsoft.com/security/advisory/2755801

=================================
Security Advisory 2749655 - Compatibility Issues Affecting Signed Microsoft Binaries

Executive Summary:
- - Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This could cause compatibility issues between affected binaries and Microsoft Windows. While this is not a security issue, because the digital signature on files produced and signed by Microsoft will expire prematurely, this issue could adversely impact the ability to properly install and uninstall affected Microsoft components and security updates.
More Information:
http://technet.microsoft.com/security/advisory/2749655


Best Regards,
CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJQyJPhAAoJEPpzpNLI8SVo+Y4QALSMK7nvzh0Ty+Cmc0dKB7dC
kgFdjrq0Pf+4Oge+55Cz3l1Iu3aexODYO9DxSQQfWuHLB5k7KJPMrLceYJNefi2G
/qlDtrSB0xtk4RXhmfKcFBrUO1tO9hVX5tppRUMEsualNqNr2Z6ly6lHxjxPNR00
2nVTFQcb/rE7YdQ2EobwKENjNQtIfLmxDrnlsLZvEKQm0Jr0TWRrOb7qLC3VA/d5
442tAJqvTvTALRh5FP+Sadd3MexBKWzliASceKFGo/EQi/pcozmcGug/dn/UC/ra
i6U9uINHKXusdBbfZN4WmjqDqk6BTHhKRX9OaOt2TxmBXZv8eIQsucJYYLzDpvbq
k45ayU8CkpPO6CvYsHIBLu5Y89u2IyXYgWEXWQzREOjFyW6VhzjzCVAaqqqif+0R
vqpp4/zr2hdYPFiGhRbgBKTJ9/17nF2pz0YkfJliH3H3ukORPLSaGu3oJK2iRXrB
VbgAKsgUeKjLqqvR83aNNQ//zCxXjxETWQ6zTiLJeq+joyf3fjYHDckw39D4At3D
UVgrCDqSZzO9TiZacJHhxlbB4IQxmyt9t4FfkImZRPRuHBU2G4qCkWdvY3bKk3CC
lTLy++eTjkHEx9gvRl6KBVvlJHub/6laagIravsVUzyDcHnsn0hczWVcZwugvXDm
X687bRQ5i4K+qb8EN01u
=ohPG
-----END PGP SIGNATURE-----