Skip to main content
MSRC

2012

November 2012 Security Bulletin Webcast, Q&A, and Slide Deck

Thursday, November 15, 2012

Hello, Today we’re publishing the November 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded ten questions focusing primarily Windows RT, Windows 8, and Windows Server 2012 detection and deployment, MS12-072 (Windows Shell), and MS12-073 (IIS). All questions are included on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, December 12th at 11 a.

Read More

MS12-074: Addressing a vulnerability in WPAD’s PAC file handling

Tuesday, November 13, 2012

Today we released MS12-074, addressing a Critical class vulnerability in the .NET Framework that could potentially allow remote code execution with no user interaction. This particular CVE, CVE-2012-4776, could allow an attacker on a local network to host a malicious WPAD PAC file containing script code which could be executed on a victim machine without requiring any type of authentication or user interaction.

Read More

November 2012 Bulletin Release

Tuesday, November 13, 2012

Security Updates Today we released six security bulletins to help protect our customers - four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel. For those who need to prioritize deployment, we recommend focusing on these two Critical updates first:

Read More

Verifying update hashes

Tuesday, November 13, 2012

Some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. This has been most visible in the KB with the addition of the “File hash information” section, but it is also noted in the Frequently Asked Questions (FAQ) section of each bulletin for convenience.

Read More