Microsoft Security Bulletin Update

As you should know by now the hacking engagement is in full force with multiple companies taking extra effort to protect their computer systems from invasion. So recently Microsoft released a security bulletin on August 14, 2012 identifying nine security issues to common software platforms. Five are classified as critical and four others are classified as important. Here is the breakdown of the bulletins and the affected software.

Bulletin ID Maximum Severity Rating and Vulnerability Impact Affected Software
Bulletin 1 Critical
Remote Code Execution
Microsoft Windows,
Internet Explorer
Bulletin 2 Critical
Remote Code Execution
Microsoft Windows
Bulletin 3 Critical
Remote Code Execution
Microsoft Windows
Bulletin 4 Critical
Remote Code Execution
Microsoft Office,
Microsoft SQL Server,
Microsoft Server Software,
Microsoft Developer Tools
Bulletin 5 Critical
Remote Code Execution
Microsoft Exchange
Bulletin 6 Important
Elevation of Privilege
Microsoft Windows
Bulletin 7 Important
Remote Code Execution
Microsoft Windows
Bulletin 8 Important
Remote Code Execution
Microsoft Office
Bulletin 9 Important
Remote Code Execution
Microsoft Office

What this means for the user

The ratings are important because they establish the seriousness of the deficiency or weakness in the software.
The critical vulnerability rating identifies the possibility of exploitation that could allow code execution without any user interaction in the mix. For the most part these include malware or instances where code execution occurs without warnings or prompts or is self-duplicating. This could mean that problems could occur anywhere from browsing a web page to opening email.
The important rating on the other hand identifies a vulnerability that could compromise of the confidentiality, integrity, or availability of user data, or the integrity or availability of processing resources.

Impact on Windows
The critical vulnerability for Windows goes as far back as Windows XP service pack 2 and service pack 3. But Server 2003, Vista, and Server 2008 are also in the class of endangered OS. In each case, the problem is that the software is open and exposed to malware that could impact how the OS performs or how programs under its direction perform. The problem is that the inserted virus may be present without the OS being aware of the presence.

Impact on Internet Explorer or Remote desktop connection
The browser can be vulnerable and give the same privilege rights to a hacker that an administrator has or someone else has with fewer rights. Also the vulnerability of remote desktop connection can be exposed when packets are sent across the system and allow the remote code connection to occur. This allows a hacker to access the remote computer. In both of these cases, the malware can appear to be plain and simple, that is until it permits operations never intended by the host administrator.

Impact on Sql Server
Specific software is also mentioned in the security bulletin. In the case of SQL Server, the bulletin mentions the 2000 release version as well as 2005, and 2008 SQL server versions. This is something for administrators to consider seriously, especially since many enterprises are tied to database operations and need to have a solid data scheme that operates without problems. Any underlying malware that could affect the performance of the database technology or the data in the database system must be addressed quickly.

The Office Suites

The Microsoft Office Suites of 2003, 2007, and 2010 are also in the critical warning area. Any malware affecting any of these office products can cause a lot of damage because of the number of applications potentially affected, starting with Word and PowerPoint and going to OneNote and SharePoint; it can be staggering. While the damage may not be as severe as a SQL Server infection, the number of users hit by malware when using the Office application could be large. That alone could make a big impact on a business.

Detection and Protection

Microsoft offers the Security Essentials program to help identify and remove malware. Since the program is free, it is a convenient way to keep ahead of the malware fight. But in the case of the security bulletin that Microsoft is offering with the updates, it is worth looking at just what specific updates that your system may need. It is not necessary to take all the updates, just the ones that impact your computer hardware and software.

What the content of the bulletin exemplifies is that well known Microsoft software can be marked and changed even to the point that it may not even appear to be compromised. The upgrades are an important cure to remove the temptation of outsiders getting into your system and wreaking havoc.

Security Bulletin August 2012

Technet Webcast 08/15/12

Security Bulletin Archive

Microsoft Security Essentials


Subscribe & Connect

Share This Post: 

Subscribe to our e-mail newsletter for updates:

No comments yet.

Leave a Reply