Microsoft rolling out a series of security updates, Windows 8 and Windows RT are included [Updated]

Microsoft security updates

Microsoft Patch Tuesday is here once again and this time the software giant is rolling out various updates for its line of operating systems including Windows 8 and Windows RT. In total there are six new updates that patch several vulnerabilities in Windows, Internet Explorer, Office, and Microsoft’s .NET Framework.

For the company this is also the first “Patch Tuesday” for its latest operating systems. Both Win 8 and RT has been affected by three of the five vulnerabilities that also affect other versions of Windows (XP, Vista, Windows 7 and Windows Server 2003/2008) and in built-in products in the OS.

Four of the five Windows bulletins have been classified as critical updates. While the fifth Windows bulletin has been classified as moderate, and the Office bulletin has simply received the important classification.

Windows Security Bulletins

  • MS12-071 (KB2761451) Critical: This update belongs to Internet Explorer and it resolves three privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights — More infoNote: IE10 on Windows 8 and Windows RT are not affected.
  • MS12-072 (KB2727528) Critical: This is an update and addresses vulnerabilities in Windows Shell Could Allow Remote Code Execution. This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user browses to a specially crafted briefcase in Windows Explorer. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights — More info. Note: Windows 8, Server 2012, and Windows RT are affected.
  • MS12-073 (KB2733829) Moderate: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure. This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The more severe vulnerability could allow information disclosure if an attacker sends specially crafted FTP commands to the server — More info.
  • MS12-074 (KB2745030) Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution. This security update resolves five privately reported vulnerabilities in the .NET Framework. The most severe of these vulnerabilities could allow remote code execution if an attacker convinces the user of a target system to use a malicious proxy auto configuration file and then injects code into the currently running application — More info. Note: Windows 8, Server 2012, and Windows RT are affected.
  • MS12-075 (KB2761226) Critical:  Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution. This security update resolves three privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker’s website — More info Note: Windows 8, Server 2012, and Windows RT are affected.
  • MS12-076 (KB2720184) Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution. This security update resolves four privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file with an affected version of Microsoft Excel. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights — More info.

How to update

If you have automatic Windows Update turned-on, these update should shortly pop-up in your system. You can also check for updates manually by going to the Control Panel, click or tap the System and Security item and then click or tap Check for updates.

To download each update individually, simply check each “More info” link for the corresponding Windows billeting and from the table click in the name of the operating system you want to download the updates.

Update

Patch Tuesday also brought a little surprise for Surface users, that is a “firmware” update, requiring users to plug in and charge the tablet before installing this special Windows Update.

What actually this “hardware update” does or what improves is not yet detailed — according to Winsupersite.com by Paul Thurrott –, but it seems that the firmware update does not any noticeable performance changes to the device or improvements related to app launching as many users are expecting.

Source Ghacks