Microsoft has just sent their advance notice of the patches that are scheduled to be released on Tuesday, January 10. There are a total of seven patches to be released for January. All but one of the patches apply to Windows Workstation and Server Operating Systems. The one exception applies to Microsoft Developer Tools and Software.
All but one of the patches are classified as IMPORTANT. The one exception is classified as CRITICAL on Windows Server 2003 and 2008, Windows XP and Windows Vista operating systems (for Windows 7 and Windows Server 2008R2 installations, the same patch is classified as IMPORTANT) and will require a restart of the specific system being updated.
The primary rationale for the classification of CRITICAL for bulletin #1 on Windows Server 2003, Server 2008 and Windows XP/Vista systems is the vulnerability could allow remote code execution if exploited.
The following details are currently unknown and should be made available on Tuesday:
- If the exploit has been identified to the public
- If the exploit code requires an authenticated account for the vulnerability to be exploited successfully.
- If the vulnerability can be exploited consistently with security features* included in the most current Windows operating (such as Windows Server 2008R2 and Windows 7)
Each of these factors will determine the urgency for the application of the critical patch.
*Security features implemented by default in the most current operating systems include:
http://en.wikipedia.org/wiki/Address_space_layout_randomization
http://en.wikipedia.org/wiki/Data_Execution_Prevention
Update – January 10, 4 p.m.
Additional information has been recently provided detailing the scope of the Microsoft patches released on January 10. It is available at – http://technet.microsoft.com/en-us/security/bulletin/ms12-jan
As originally indicated, Microsoft has only identified one patch as being critical for workstations and servers – http://technet.microsoft.com/en-us/security/bulletin/ms12-004 . However, one other source (http://isc.sans.edu/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361) has recommended that TWO patches should be applied to workstations immediately (http://technet.microsoft.com/en-us/security/bulletin/ms12-004 and http://technet.microsoft.com/en-us/security/bulletin/ms12-005 ) and also that the MS12-004 and MS12-005 patches be applied to servers as soon as possible. The ISC-SANs source has also identified patch MS12-002 as critical for workstations.
There are currently no known exploits identified for these vulnerabilities. However, it is fully expected that exploit code WILL made available within the next 30 days.
The breakdown of vulnerabilities and the potential for exploitation is as follows:
Workstation OS – Bulletin #1 – Security Feature Bypass – http://technet.microsoft.com/en-us/security/bulletin/ms12-001
NOTE – Security Feature Bypass vulnerability. Reliable exploit code is expected. Vulnerability has not been publically disclosed as of this time.
- Windows XP–SP3 32bit – NOT APPLICABLE
- Windows XP-SP2 64bit – IMPORTANT
- Windows Vista-SP2 – 32 and 64 bit – IMPORTANT
- Windows 7 – base and SP1 both 32 and 64 bit – IMPORTANT
Server OS – Bulletin #1 – http://technet.microsoft.com/en-us/security/bulletin/ms12-001
- Windows Server 2003-SP2 (32, 64 bit and Itanium systems) – IMPORTANT
- Windows Server 2008-SP2 (32, 64 bit and Itanium systems) – IMPORTANT
- Windows Server 2008R2- base and SP1 (64 bit and Itanium systems) – IMPORTANT
Workstation OS – Bulletin #2 – http://technet.microsoft.com/en-us/security/bulletin/ms12-002
NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.
- Windows XP-SP3 32bit – IMPORTANT*
- Windows XP-SP2 64bit – IMPORTANT*
- Windows Vista-SP2 – NOT APPLICABLE for 32 or 64 bit Vista systems
- Windows 7-SP1 – NOT APPLICABLE for 32 or 64 bit Windows 7 systems
*NOTE – Identified as CRITICAL for Workstation OSs by SANS – http://isc.sans.edu/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361
Server OS – Bulletin #2 – http://technet.microsoft.com/en-us/security/bulletin/ms12-002
- Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
- Windows Server 2008-SP2 (32, 64 bit and Itanium) – NOT APPLICABLE for Server 2008 installations
- Windows Server 2008R2-base and SP1 (64 bit and Itanium) – NOT APPLICABLE for Server 2008R2 installations
Workstation OS- Bulletin #3 – http://technet.microsoft.com/en-us/security/bulletin/ms12-003
NOTE – Elevation of Privilege vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time. Applicable for systems running Asian (Chinese, Japanese or Korean) versions of Windows only
- Windows XP–SP3 32bit – IMPORTANT
- Windows XP-SP2 64bit – IMPORTANT
- Windows Vista-SP2 (32 and 64 bit) – IMPORTANT
- Windows 7-SP1 (32 and 64 bit) – NOT APPLICABLE
Server OS – Bulletin #3 – http://technet.microsoft.com/en-us/security/bulletin/ms12-003
- Windows Server 2003-SP2 – (32, 64 bit and Itanium) IMPORTANT
- Windows Server 2008-SP2 – (32, 64 bit and Itanium) IMPORTANT
- Windows Server 2008R2-base and SP1 – (64bit and Itanium) NOT APPLICABLE for Server 2008R2 installations
Workstation OS – Bulletin #4 – http://technet.microsoft.com/en-us/security/bulletin/ms12-004
NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.
- Windows XP-SP3 (32 bit) – CRITICAL
- Windows XP-SP2 (64 bit) – CRITICAL
- Windows Vista-SP2 (32 and 64 bit) – CRITICAL
- Windows 7-SP1 (32 and 64 bit) – IMPORTANT
NOTE – For workstations, a patch now action is recommended by ISC-SANs for this vulnerability.
Server OS – Bulletin #4 – http://technet.microsoft.com/en-us/security/bulletin/ms12-004
- Windows Server 2003-SP2 (32, 64 bit and Itanium) – CRITICAL
- Windows Server 2008-SP2 (32, 64 bit and Itanium) – CRITICAL
- Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT
Workstation OS – Bulletin #5 – http://technet.microsoft.com/en-us/security/bulletin/ms12-005
NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.
- Windows XP-SP3 (32 bit) – IMPORTANT
- Windows XP-SP2 (64 bit) – IMPORTANT
- Windows Vista-SP2 (32 and 64 bit) – IMPORTANT
- Windows 7-SP1 (32 and 64 bit) – IMPORTANT
NOTE – For workstations, a patch now action is recommended by ISC-SANs for this vulnerability.
Server OS – Bulletin #5 – http://technet.microsoft.com/en-us/security/bulletin/ms12-005
- Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
- Windows Server 2008-SP2 (32, 64 bit and Itanium) – IMPORTANT
- Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT
NOTE – For server operating systems, the ISC-SANs source assigns a critical classification for this vulnerability.
Workstation OS – Bulletin #6 – http://technet.microsoft.com/en-us/security/bulletin/ms12-006
NOTE – Information Disclosure vulnerability. Reliable exploit code is NOT expected to materialize. Vulnerability has been disclosed publically.
- Windows XP–SP3 32bit – IMPORTANT
- Windows XP-SP2 64bit – IMPORTANT
- Windows Vista-SP2 – 32 and 64 bit – IMPORTANT
- Windows 7 – base and SP1 both 32 and 64 bit – IMPORTANT
Server OS – Bulletin #6
- Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
- Windows Server 2008-SP2 (32, 64 bit and Itanium) – IMPORTANT
- Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT
Anticross Site Scripting Library (aka Anti XCSS) – Bulletin #7 – http://technet.microsoft.com/en-us/security/bulletin/ms12-007
NOTE – Information Disclosure vulnerability. Reliable exploit code is NOT expected to materialize. Vulnerability has been disclosed publically.
Workstation OSs – Bulletin #7
- All current workstation OSs that have the Anti XCSS library implemented
Server OS – Bulletin #7
- All current server OSs that have the Anti XCSS library implemented