National Cyber Awareness System
US-CERT Alert TA12-346A
Microsoft Updates for Multiple Vulnerabilities
Original release date: December 11, 2012
Last revised: --
Systems Affected
* Microsoft Windows
* Microsoft Office
* Microsoft Server Software
* Internet Explorer
Overview
Select Microsoft software products contain multiple
vulnerabilities. Microsoft has released updates to address these
vulnerabilities.
Description
The Microsoft Security Bulletin Summary for December 2012 describes
multiple vulnerabilities in Microsoft software. Microsoft has
released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for December 2012, which
describes any known issues related to the updates. Administrators
are encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). Home users are encouraged to enable
automatic updates.
References
* Microsoft Security Bulletin Summary for December 2012
<http://technet.microsoft.com/en-us/security/bulletin/ms12-dec>
* Microsoft Windows Server Update Services
<http://technet.microsoft.com/en-us/wsus/default.aspx>
* Microsoft Update
<http://www.update.microsoft.com/>
* Microsoft Update Overview
<http://www.microsoft.com/security/updates/mu.aspx>
* Turn Automatic Updating On or Off
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-of
f>
Revision History
December 11, 2012: Initial release
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-346A Feedback VU#298708" in
the subject.
____________________________________________________________________
Produced by US-CERT, a government organization.
____________________________________________________________________
This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html
Privacy & Use policy:
http://www.us-cert.gov/privacy/
This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-346A.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html
Spotlight
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
