Microsoft patched critical remote code execution vulnerabilities in Internet Explorer and the Windows kernel, issuing six security bulletins, four of them rated critical, in the software giant's November Patch Tuesday updates.
MS12-071 and MS12-075 are the two critical bulletins that IT administrators responsible for patching should focus on most, wrote Dustin Childs, group manager at Microsoft's Trustworthy Computing, in a blog post about the bulletin release. MS12-071 addresses three remote code execution vulnerabilities in Internet Explorer 9. A successful attacker could gain the same rights as the logged-on user, so accounts with fewer rights would be affected less than those with administrative privileges. The patch requires a restart.
"Internet Explorer gets an update, but it's only IE9, [and] not many people in the enterprise have it yet," said Wolfgang Kandek, CTO at Redwood City, Calif.-based Qualys Inc. He added that enterprises that run IE9 on company devices should definitely prioritize this update.
MS12-075 fixes three vulnerabilities in the Windows kernel; the most severe could allow remote code execution if a user opens a malicious document or visits a malicious webpage containing embedded TrueType font files. Kandek said that although the font issue can have a serious impact for users, this particular exploit will be difficult for an attacker to work out. This puts MS12-075 in contrast with the Internet Explorer flaws, which Kandek said are easy for attackers to reverse engineer.
A restart is required to apply the updates in MS12-075. The bulletin applies to all supported versions of Microsoft Windows.
The four critical bulletins are rounded out by MS12-072 and MS12-074. MS12-072 addresses two vulnerabilities in Microsoft Windows that could allow remote code execution. To be affected, a user would have to open a specially crafted briefcase in Windows Explorer. The patch requires a restart.
MS12-074 fixes five vulnerabilities in the .NET Framework, including one that could allow remote code execution. To succeed, an attacker would have to convince the targeted user to use a malicious proxy auto-configuration file, allowing the attacker to inject code into the running application. The update may require a restart.
The fifth bulletin, MS12-076, was rated only important. However, Kandek said the ubiquity of the affected software, Microsoft Excel, makes this bulletin important for enterprises. MS12-076 resolves four vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file with an affected version of Microsoft Excel. Kandek pointed out that because Excel is used so frequently in the workplace, many enterprise employees would open an Excel attachment in an email as long as it wasn't worded too suspiciously.
The final bulletin, MS12-073, was rated moderate. It patches vulnerabilities in Microsoft Internet Information Services that could allow information disclosure. Applying the update may require a restart.
Last month, Microsoft announced in Security Advisory 2749655 that it would re-release updates that had originally been given an incorrect signature timestamp. The first two re-released updates were made available with November's patches: MS12-046 for Visual Basic and MS12-062 for System Center Configuration Manager 2007.