Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority. A little about MS12-020:
In the video below, Yunsun Wee discusses this month's bulletins, including MS12-020, in further detail.
Below is this month’s deployment priority guidance, to further assist customers in their deployment planning (click for larger view).
Link Removed due to 404 Error
Our risk and impact graph shows an aggregate view of March’s severity and exploitability index (click for larger view). Note that MS12-019 does not receive an XI rating.
Link Removed due to 404 Error
You can find more information about this month's security updates on the Microsoft Security Bulletin Summary web page.
Per our usual process we’ll offer the monthly technical webcast on Wednesday, hosted by Pete Voss and Dustin Childs. They’ll talk through the March bulletins, discuss changes on the horizon for Technet, and answer any further questions about the NLA Fix it. The webcast is scheduled for tomorrow, March 14, 2012, at 11 a.m. PDT. Link Removed - Invalid URL, and as always we look forward to taking your questions live during the webcast.
Thanks,
Angela Gunn
Trustworthy Computing.
Link Removed due to 404 Error
More...
- MS12-020 (Windows): This bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP). Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled. That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible. The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.
In the video below, Yunsun Wee discusses this month's bulletins, including MS12-020, in further detail.
Below is this month’s deployment priority guidance, to further assist customers in their deployment planning (click for larger view).
Link Removed due to 404 Error
Our risk and impact graph shows an aggregate view of March’s severity and exploitability index (click for larger view). Note that MS12-019 does not receive an XI rating.
Link Removed due to 404 Error
You can find more information about this month's security updates on the Microsoft Security Bulletin Summary web page.
Per our usual process we’ll offer the monthly technical webcast on Wednesday, hosted by Pete Voss and Dustin Childs. They’ll talk through the March bulletins, discuss changes on the horizon for Technet, and answer any further questions about the NLA Fix it. The webcast is scheduled for tomorrow, March 14, 2012, at 11 a.m. PDT. Link Removed - Invalid URL, and as always we look forward to taking your questions live during the webcast.
Thanks,
Angela Gunn
Trustworthy Computing.
Link Removed due to 404 Error
More...
