At the top of the Microsoft list is another MSCOMCTL related bug. Last patched in April, the Windows Common Control bug patched with bulletin MS12-027 made everyone sit up and take notice because it affects a huge number of applications including some very serious back office core systems like SQL servers and commerce servers.
There is some good news this month: the attack vector for the MSCOMCTL bug is an RTF file, and the victim has to explicitly open the file for the exploit to run. If you can’t get this patch rolled out or mitigation applied quickly, you should remind users about the dangers of opening attachments from unknown persons.
It’s the third month in a row with a new Internet Explorer patch, so Microsoft is really taking advantage of the new ability to release an IE patch more frequently. This probably means there are a lot more IE patches in our collective future since it’s a good bet Microsoft will be tackling their IE backlog post haste.
As expected, MS is patching the zero-day known as the ‘Oracle Outside in Exchange’ bug. This vulnerability really never went anywhere in the exploit community; we have so far seen very little uptake on actively exploiting it.
MS12-054 contains a print spooler bug with a potentially wormable condition. Keen-eyed attackers are going to need to focus carefully on this vulnerability to uncover all of its potential. This is something that predominantly affects small business and campus locations where Windows computers are configured in workgroups. If this describes your business, deploy this patch as soon as you can.
Hidden lower in the MS deployment priority is MS12-053, an RDP bug only affecting XP, another bug with a potentially wormable condition. This one has the potential for serious impact because it is network aware and no authentication is required. If you have XP on your network, then get the mitigations for this one installed ASAP.
Author: Andrew Storms, director of security operations at nCircle.