September 2012 Patch Tuesday Overview
Microsoft has released two security bulletins addressing two vulnerabilities for the September 2012 edition of Patch Tuesday, marking a light Patch Tuesday. The last time Microsoft released this low of security bulletins on a Patch Tuesday was May 2011.
This Patch Tuesday also marks the lowest number of vulnerabilities patched by Microsoft since the beginning of 2011.
Both Microsoft security bulletins apply to specific and possible rare software on administrators networks. MS12-061 affects Visual Studio Team Foundation Server 2010 SP1 and MS12-062 affects Systems Management Server 2003 / 2007. Both bulletins are rated as Important, fix one privately reported vulnerability each, and cross-site scripting attacks could lead to elevation of privilege.
As for priority this month on which bulletin to apply, administrators should asses their servers and prioritize accordingly to their software setup.
If administrators have not patched since lately, or at least since last Patch Tuesday, they will want to deploy the latest version of Java to their systems. Java 7 update 7 addresses a critical zero-day vulnerability that has seen active exploits.
With the break administrators are getting this month, it presents the perfect opportunity to use the free time to test the Microsoft Security Advisory update KB2661254. This non-security update was released last month to the Microsoft Download Center. During the October 2012 Patch Tuesday, Microsoft will be moving this patch to mainstream availability in Windows Update and WSUS. This patch has the possibility of crippling business applications that utilize digital certificates less than 1024 bits in length.
On the non-Microsoft front, it is turning out to be relatively quiet as well. Adobe has released a security update for its ColdFusion product. Adobe security bulletin APSB12-21 addresses one important vulnerability that could lead to Denial of Service. Notepad++ has also released a new version of their product. Notepad++ 6.1.7 is a non-security update that addresses multiple crash issues.
I will be going over the September Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar. As this is an extremely light month in terms of Microsoft security bulletins, I will be spending some time talking about non-security update KB2661254 and what to expect in October. This webinar is scheduled for next Wednesday, September 12th at 11:00am CT. You can register for this webinar here.
- Jason Miller