Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, September 9. There details as currently known, are available at https://technet.microsoft.com/library/security/ms14-sep

There are a total of four patches scheduled to be released. One of the patches is classified as CRITICAL (for Windows Workstations) and the remaining three are classified as IMPORTANT. The one critical patch applies to all current versions of Internet Explorer on any Windows workstation OS currently supported. The patch designated as critical for workstation operating systems is assigned a moderate severity on Server operating systems.

The patch designated as critical (bulletin #1) could enable a remote code execution if successfully exploited.  The patches assigned bulletin #2 and #3 address denial of service or elevation of privilege vulnerabilities in Windows server 2003, 2008, 2008R2, 2012 and 2012R2; and also in Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT.  Bulletin #4 is a patch to address a denial of service condition and applies only to Lync 2010 and 2013 implementations.

New versions of the following web browsers have also been released in the last few days: Firefox, Thunderbird and Google Chrome.

The current version of Firefox should be 32.0

http://www.mozilla.org/en-US/firefox/32.0/releasenotes/

The current version of Thunderbird should be 31.1.0

https://www.mozilla.org/en-US/thunderbird/31.1.0/releasenotes/

The current version of Google Chrome for windows should be 37.0.2062.103

http://googlechromereleases.blogspot.com/search/label/Stable%20updates

 

Update Sept 10 8:10 a.m.

Microsoft has just released the patches for September.  As previously indicated, there are a total of 4 patches. The most significant patch (https://technet.microsoft.com/library/security/ms14-052) is a cumulative security update for Internet explorer. It includes patches for one publicly disclosed vulnerability and thirty-six privately reported vulnerabilities. As these vulnerabilities could allow remote code execution if successfully exploited, they are classified as CRITICAL for workstation operating systems (the Internet Explorer patches are classified as MODERATE for server operating systems).

For that reason, it is recommended that all windows workstations be patched as soon as possible.

Updates have also been issued for Adobe Flash
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

And also Adobe Reader and Acrobat – however, the adobe reader/acrobat patch has been delayed is not expected to be released prior to Sept 15
http://helpx.adobe.com/security/products/flash-player/apsb14-20.html

Microsoft has just sent their advance notice of the patches that are scheduled to be released on September 11, 2012.  There are a total of two patches to be released for September 2012.  Both of the patches are designated as IMPORTANT.  Based on the information currently available, there is no urgency in applying these patches for either Workstations or Server systems.  Additional information will be provided as it is made available.

 

The patch bulletins apply to the following Developer Tools/Software and Server software

 

• Bulletin #1 – IMPORTANT

Elevation of Privilege – OS restart NOT required
Developer Tools – Visual FoxPro
Product – Visual Studio Team Foundation Server 2010sp1
 

• Bulletin #2 – IMPORTANT

Elevation of Privilege – OS restart NOT required
Server software – System Center Configuration Manager
Products – Systems Management Server 2003sp3
               Systems Center Configuration Manager 2007sp3
The Microsoft announcement is available at – http://technet.microsoft.com/en-us/security/bulletin/ms12-sep

 

Update – September 12

Microsoft has provided additional details on the patches released on September 11.  Both of the vulnerabilities had not been publicly disclosed prior to September 11.  Further, no exploits have been identified as of September 12.  In the opinion of the AgriLife Information Security Officer, a rapid deployment is not necessary for the September patch cycle.  See you next month.

Microsoft has just announced the patches that are scheduled to be released for September – http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx  The patches are scheduled to be released on September 14.

As has been the trend, the older operating systems (generally XP and Server 2003)  have the larger number of applicable bulletins and also more often receive the critical classification.

There are nine bulletins that address thirteen vulnerabilities. Four of the bulletins are rated as critical and the remaining bulletins are classified as important.
The critical vulnerabilities apply to the following operating systems

Bulletin #1
Windows XP-SP3 –
Windows XP-SP2 64 bit

Bulletin #2
Windows Server 2003
Windows Server 2008 (base and SP2)
Windows Server 2008 (base and SP2) 64 bit
Windows XP-SP3 –
Windows XP-SP2 64 bit
Windows Vista SP1 and SP2
Windows Vista  64bit SP1 and SP2

Bulletin #3
Windows Server 2003
Windows Server 2008 (base and SP2)
Windows Server 2008 (base and SP2) 64 bit
Windows XP-SP3 –
Windows XP-SP2 64 bit
Windows Vista SP1 and SP2
Windows Vista  64bit SP1 and SP2

Please note, that none of the bulletins are classified as critical for Windows 7 or for Windows Server 2008 R2 operating systems. In fact, only three of the bulletins are applicable for these operating systems. Those three bulletins are: #1, #5 and #8.

Additionally, bulletins #6, #7 and #9 are not applicable for the Vista or Server 2008 operating systems.

Office products that have critical patches
Bulletin #4
Microsoft Outlook 2002 SP3 (component of Office XP)

Update – September 15

Everything I am reading http://isc.sans.edu/diary.html?storyid=9547 seems to indicate that patches MS10-61 and MS10-65 (the critical designation of MS10-65 applies to systems running IIS with fastCGI installed) should be applied NOW to Windows Server 2003 systems. The vulnerabilities that these patches address are currently being exploited. For that reason, the important classification assigned by Microsoft for MS10-65 has been elevated to critical by SANSs.  Microsoft’s information on these can be found at – http://blogs.technet.com/b/msrc/default.aspx?ppud=4&wa=wsignin1.0/default.aspx

Bulletin MS10-61
http://www.microsoft.com/technet/security/Bulletin/MS10-061.mspx
Microsoft Security Bulletin MS10-061 – Critical
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)

http://support.microsoft.com/kb/2347290
MS10-061: Vulnerability in Print Spooler Service could allow remote code execution

http://www.microsoft.com/downloads/en/details.aspx?familyid=93FABA6B-0A85-4ACC-B527-A012BBF56B13&displaylang=en
 Security Update for Windows XP (KB2347290)
Overview
A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Bulletin MS10-65
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
Microsoft Security Bulletin MS10-065 – Important
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)

http://support.microsoft.com/kb/2267960
MS10-065: Vulnerabilities in Microsoft Internet Information Services (IIS) could allow remote code execution

http://www.microsoft.com/downloads/en/details.aspx?familyid=555864C3-9114-4988-8526-7BF545A27706&displaylang=en
Overview
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

http://www.microsoft.com/downloads/en/details.aspx?familyid=AE55787E-4A5C-48D5-AEDF-0ABADA514938&displaylang=en
Overview
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.