Overview of the April 2012 Microsoft patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates.
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY.
(*): ISC rating
(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.
--
NOTE: These security updates also included an update for Windows 8 Customer Preview. Updates for Windows 8 are available through the operating system's Windows Update. (Thanks Rene! - Mark Baggett)
Swa 760 Posts Apr 10th 2012 |
Apr 10th 2012 1 decade ago |
After giving you a hard time on the Vista post, Swa, I have to give you kudos for these Black Tuesday updates. Well done and informative; I reference them in our patch management testing and communications. Thx.
Dean 135 Posts |
Apr 10th 2012 1 decade ago |
Anyone know why this is going on?:
- http://technet.microsoft.com/en-us/security/bulletin/ms12-apr - OK...
vs.
- https://technet.microsoft.com/en-us/security/bulletin/ms12-apr
^ "502 - Web server received an invalid response while acting as a gateway or proxy server. There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server."
.
Jack 160 Posts |
Apr 10th 2012 1 decade ago |
I don't think MS12-024 rates a "Critical", at least based on what I see in the bulletin. In a nutshell, the authenticode validation on the EXE is crackable. From the bulletin:
How could an attacker exploit the vulnerability?
Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an existing signed file to include malicious code without invalidating the signature. This code would execute in the context of the privilege in which the signed PE file was launched.
Back to me. I don't see any evidence in the bulletin that verifying the authenticode signature is sufficient for code execution (which would be a Critical because it would mean that merely inspecting properties on an EXE could trigger code execution), but merely that an attacker can fake the authenticode signature on a malicious EXE. Yes, that's bad, but that implies that the attacker has already convinced you to download their malicious EXE or managed to get it onto your system. And that they've convinced you to do that, but you're the sort of person who checks those authenticode signatures and relies upon them. The intersection of people who run arbitrary EXEs from potentially unknown sources and who then check authenticode signatures is pretty small!
I can see how it might be bad if someone manages to spoof the Microsoft content distribution network and send out malicious patches, but that'll take some work to set up.
Anonymous |
Apr 10th 2012 1 decade ago |
@Anonymous: you make a valid point I think. I reread the entire bulletin just now and there are two nagging things I saw:
- first I'm not sure there isn't messing with the signature itself to create a problem as well as the ability to add stuff outside of the signed data.
- secondly MSFT mentions that *installing* a crafted PE could lead to exploitation (as an alternative to executing it). This could mean that an admin installing something for a user lacking admin rights could be hit? Merely by installing it, not even executing it...
Anyway I've asked Microsoft for clarification on just what scenarios allow the execution of unsigned code. Let's hope they respond soon.
Swa 760 Posts |
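Added example, not part of the thread or of Microsoft's bulletin: the comments above turn on which bytes of a signed PE file the signature actually covers. Per the published Authenticode PE format, the digest skips the CheckSum field, the certificate-table directory entry and the certificate table itself; this sketch lists those ranges and flags data sitting in the table beyond the PKCS#7 blob. It does not reproduce the MS12-024 flaw, whose details the quoted bulletin text does not give. Function names are hypothetical and the sample image is constructed, with a stand-in blob rather than a real signature.

```python
import struct

def der_len(buf, off):
    """Encoded length of the DER element at buf[off:], or None if malformed."""
    n = buf[off + 1] if off + 2 <= len(buf) else 0x80
    if n < 0x80:
        return 2 + n
    n &= 0x7F
    if not 1 <= n <= 4 or off + 2 + n > len(buf):
        return None
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")

def authenticode_layout(pe):
    """Return (skipped, findings): ranges the digest skips, and layout anomalies."""
    lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    opt = lfanew + 24                      # after 4-byte signature + 20-byte COFF header
    dirs = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", pe, opt)[0])
    if pe[:2] != b"MZ" or pe[lfanew:lfanew + 4] != b"PE\0\0" or dirs is None:
        raise ValueError("not a PE image")
    entry = opt + dirs + 4 * 8             # directory index 4 (assumes >= 5 directories)
    skipped = [(opt + 64, 4), (entry, 8)]  # CheckSum field, certificate table entry
    off, size = struct.unpack_from("<II", pe, entry)   # file offset (not an RVA), size
    if size == 0:
        return skipped, ["unsigned: no certificate table"]
    skipped.append((off, size))            # the signature cannot cover itself
    findings = []
    if off + size != len(pe):
        findings.append("certificate table does not end at end of file")
    pos, end = off, min(off + size, len(pe))
    while pos + 8 <= end:
        length = struct.unpack_from("<I", pe, pos)[0]  # WIN_CERTIFICATE.dwLength
        blob = der_len(pe, pos + 8)                    # PKCS#7 SignedData element
        if length < 8 or pos + length > end or blob is None or blob > length - 8:
            findings.append("malformed entry at %#x" % pos)
            break
        slack = pe[pos + 8 + blob:pos + length]
        if len(slack) > 7 or any(slack):   # more than zero-fill alignment padding
            findings.append("%d byte(s) after the PKCS#7 blob at %#x" % (len(slack), pos))
        pos += (length + 7) & ~7           # entries are 8-byte aligned
    return skipped, findings

def make_sample(pkcs7, pad=b""):
    """Constructed image: bare PE32 headers plus one WIN_CERTIFICATE entry."""
    hdr = bytearray(0x40 + 24 + 224)       # DOS header, PE/COFF header, optional header
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<H", hdr, 0x58, 0x10B)
    cert = struct.pack("<IHH", 8 + len(pkcs7) + len(pad), 0x200, 2) + pkcs7 + pad
    struct.pack_into("<II", hdr, 0x58 + 96 + 32, len(hdr), len(cert))
    return bytes(hdr) + cert
```

A finding here marks a file for closer inspection; it is no substitute for full signature verification on a patched system.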
Apr 10th 2012 1 decade ago |
IMO MS12-024 is highly critical because update processes (Windows itself, anti-virus and applications) usually depend on signed executables that are typically transferred "in the clear" (mostly using http).
The way I read it, anyone with access to such files, either on (intermediate) servers or by tapping the "wire" (think public WiFi hotspots) will be able to invoke this vulnerability and compromise PC's of unsuspecting users.
It would be interesting to know whether just _checking_ the signature (right click on the file, Properties, Digital Signatures, select line, click Details) invokes this vulnerability. However such information probably also benefits potential attackers.
Erik van Straten 129 Posts |
Apr 11th 2012 1 decade ago |
The problem is when a JAVA exploit gains control and installs code. If it is okay and signed correctly no warning will pop up. The code with a false signature WILL execute without UAC popping up at all without this patch installed. That is the vulnerability.
Best, Al
Al of Your Data Center 80 Posts |
Apr 11th 2012 1 decade ago |
Just an "FYI"... the
- https://technet.microsoft.com/en-us/security/bulletin/ms12-apr
^ ... is apparently fixed - 'nice timing for it to have gone belly-up.
.
Jack 160 Posts |
Apr 12th 2012 1 decade ago |
Unable to Print TurboTax Return After Installing the Latest Windows Update (Last Updated 12 Apr-12)
http://turbotax.intuit.com/support/iq/Print-and-Save/Unable-to-Print-TurboTax-Return-After-Installing-the-Latest-Windows-Update/SLN61229.html
Seeing issues with TurboTax printing after this week's updates. US Tax filing day is Tuesday.
Susan 34 Posts |
Apr 13th 2012 1 decade ago |