Overview of the June 2012 Microsoft patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates.
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY.
(*): ISC rating
(**): The exploitability rating we show is the worst of them all, because Microsoft assigns too many ratings to some of the patches.
--
Swa 760 Posts Jun 12th 2012
I'm intrigued by one of the vulnerabilities addressed in MS12-042, "BIOS ROM Corruption Vulnerability". I wonder if the possibility of BIOS malware (rare but not unknown) is perhaps a little larger on some radar screens with it. Most people I mention it to don't seem to take it very seriously.
Jarrod 5 Posts
Jun 12th 2012
Interestingly enough, CVE-2012-1515 maps to a VMware vulnerability, more on that here: http://www.vmware.com/security/advisories/VMSA-2012-0006.html According to the advisory, a ROM overwrite can result in privilege escalation on Windows based virtual machines. I guess both VMware and Microsoft are covering all bases here.
e.b. 17 Posts
Jun 12th 2012
The Dutch page http://www.security.nl/artikel/41855/1/Onderzoekers_ontdekken_nieuwe_BIOS-rootkit.html refers to a BIOS rootkit found by McAfee, described here (in English): http://blogs.mcafee.com/mcafee-labs/bioskits-join-ranks-of-stealth-malware
From e.b.'s comment we now know that not only _physical_ BIOS memory is at risk!
Erik van Straten 129 Posts
Jun 13th 2012
A Dutch site states that this is the same hole as patched in MS12-020, reopened by a SP. Is this correct?
http://translate.google.be/translate?sl=nl&tl=en&js=n&prev=_t&hl=nl&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwebwereld.nl%2Fnieuws%2F110820%2Fmicrosoft-heropent-kritiek-windows-gat.html
Erik van Straten 2 Posts
Jun 13th 2012
An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- http://support.microsoft.com/kb/2677070 Last Review: June 13, 2012 - Revision: 2.0 > https://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx?Redirected=true .
Jack 160 Posts
Jun 13th 2012