-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0125 Title: Microsoft Security Updates Version history: 15.11.2012 Initial publication Summary: ====== CERT-EU has received notification from Microsoft on a number of new security updates which have been released on November 13, 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The full list of affected components can be found in [1]. Microsof's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative. ================================== NEW SECURITY BULLETINS ================================== MS12-071 Cumulative Security Update for Internet Explorer (2761451) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: Microsoft Windows, Internet Explorer https://technet.microsoft.com/en-us/security/bulletin/ms12-071 ================================= MS12-072 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: Microsoft Windows https://technet.microsoft.com/en-us/security/bulletin/ms12-072 ================================= MS12-074 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: May require restart Affected Software: Microsoft Windows, Microsoft .NET Framework https://technet.microsoft.com/en-us/security/bulletin/ms12-074 ================================= MS12-075 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226) Max Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: Microsoft Windows https://technet.microsoft.com/en-us/security/bulletin/ms12-075 ================================= MS12-076 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184) Max Severity Rating: Important Vulnerability Impact: Remote Code Execution Restart Requirement: May require restart Affected Software: Microsoft Office https://technet.microsoft.com/en-us/security/bulletin/ms12-076 ================================= MS12-073 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829) Max Severity Rating: Moderate Vulnerability Impact: Information disclosure Restart Requirement: May require restart Affected Software: Microsoft Windows https://technet.microsoft.com/en-us/security/bulletin/ms12-073 ================================== NEW SECURITY ADVISORY ================================== N/A ================================== REVISED SECURITY ADVISORY ================================== This alert is to notify you that Microsoft has revised previously published security advisories on November 6 and November 13, 2012. SECURITY ADVISORY 2749655 ========================= Security Advisory 2749655 - Compatibility Issues Affecting Signed Microsoft Binaries - was updated on November 13, 2012. The security advisory was updated to announce that Microsoft replaced the KB2598361 update with the KB2687626 update for Microsoft Office 2003 Service Pack 3. See Security Advisory 2749655 for further details. SECURITY ADVISORY 2269637 ========================= Security Advisory 2269637 - Insecure Library Loading Could Allow Remote Code Execution - was updated on November 13, 2012. The security advisory was revised to add the Microsoft Security Bulletin MS12-074 "Vulnerabilities in .NET Framework Could Allow Remote Code Execution" to the Updates relating to Insecure Library Loading section. See Security Advisory 2269637 for further details. SECURITY ADVISORY 2755801 ========================= Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - was updated on November 6, 2012. The security advisory was updated to add KB2770041 to the Current update section to address the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. See Security Advisory 2755801 for further details. RECOMMENDATIONS ================================== Review Microsoft Security Advisories 2749655, 2269637 and 2755801 as well as associated content for details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ), and links to additional resources. ADDITIONAL RESOURCES ================================== [1] https://technet.microsoft.com/security/bulletin/ms12-nov [2] Security Advisory 2749655 - Compatibility Issues Affecting Signed Microsoft Binaries - https://technet.microsoft.com/en-us/security/advisory/2749655 [3] Security Advisory 2269637 - Insecure Library Loading Could Allow Remote Code Execution - https://technet.microsoft.com/en-us/security/advisory/2269637 [4] Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - https://technet.microsoft.com/en-us/security/advisory/2755801 [5] Microsoft Security Bulletin MS12-074 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution - https://technet.microsoft.com/security/bulletin/MS12-074 [6] Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc [7] Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd Best Regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQpRdvAAoJEPpzpNLI8SVo/+gP/R7nKQcR1kR8aFHZQMsbEY9i FNdtfFP0JW6KoNwqlF5R8hBQOBkzZpGoOhHeeYFyCtOBUf6U9oJYCjmkWKVqqkOd uG5yD+4M1SNB9/7IG8wRApF3tQixUaiBnyXYP3DBCCY6piOdvZ2iKptGYTwv0reu EYtHxhLWHFbFmYjBnOUahgEAZTpxeMLNWW14y1sS7a4msfh5fMLtCmswU+rC6zhk lWYFRHq5feGeyKrmNtEgOz1yjRJ5YRHNdXJeXYGqhfLVl7WT+JLfBYFjb5t1wY6b FNd06ocLfZITTwBOezfU1tA+vZt9nfzh6ofm3i7lE5EIBtQ06vPmJMoj9T/JAB3o ly9qILQOqMuU+ISRSfkWkU8XqCmHf65cZpnnXR1NE3KWM7db0SWo2eM8HjNXA/tR JrBkaGEC4G0iDMpkULot5vd0lANKlFwSAgJPHhnFOolycn/XUppySTkAAphE2XqV nR4NiV64cw05MfA5BKUepAIoih096Ypod2CTcdFWYgMBNjH7dg1/V4xxpKHRKEvD 5RuuAVm9gSqGPHc+XUV0Msohea4tvE8g74OuNRvhFgXCLKuO3/dI0Tcc0MzefANl A+l4K5JXFnwC7kENYx85oSzt0rBvnva/Uk8/Y03ObDiraul0kW8q3lqjMe05sleu TYt+UjJ6H1DE8ynNqTWw =ZCYz -----END PGP SIGNATURE-----