In light of the scope of the patches, the February ISO recommendation would be as follows:

• Patch all workstations as soon as possible with both Microsoft (especially patch MS12-010 and also MS12-013) and third party updates;
• Patch all server installations as soon as time permits.

To the knowledge of the AgriLife ISO, with the exception of the MS12-016 patch for Silverlight 4, no problems have been experienced with the installation of these patches.  Early in the patch release on February 14, customers reported that some Windows 7, Vista and XP machines (both 32 and 64 bit) experienced an error when the KB2668562 patch installation was attempted.  That condition has since been identified as a problem with metadata (logic) error.  The patch was re-released later in the day on February 14.  See the following URL for details -  http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb2668562-silverlight-update-will-not-install-feb/46bcf0b1-c9b8-41f5-b802-b6a8e822d930

Details on specific products patched by bulletin

• http://technet.microsoft.com/en-us/security/bulletin/ms12-008 – Windows workstation and Server OSs
• http://technet.microsoft.com/en-us/security/bulletin/ms12-009 – Windows workstation and Server OSs
• http://technet.microsoft.com/en-us/security/bulletin/ms12-010 – Internet Explorer version 6-9
• http://technet.microsoft.com/en-us/security/bulletin/ms12-011 – SharePoint
• http://technet.microsoft.com/en-us/security/bulletin/ms12-012 – Windows Server 2008 OSs only
• http://technet.microsoft.com/en-us/security/bulletin/ms12-013 – Windows workstation and Server OSs excluding Windows XP and Server 2003
• http://technet.microsoft.com/en-us/security/bulletin/ms12-014 – Windows XP workstation only
• http://technet.microsoft.com/en-us/security/bulletin/ms12-015 – Microsoft Visio viewer 2010 base and SP1 (32 and 64 bit)
• http://technet.microsoft.com/en-us/security/bulletin/ms12-016  -  .NET framework 2.0, 3.51, 4.0 and Silverlight

Patches by bulletin – details
Workstation/server OS – Bulletin #8 – two vulnerabilities in Windows Kernel Mode Drivers – http://technet.microsoft.com/en-us/security/bulletin/ms12-008

NOTE – Remote code execution vulnerability. Two vulnerabilities addressed; one had not previously publicly disclosed, the second HAD been disclosed publicly. For the vulnerability that had NOT been publicly disclosed, it is expected that reliable exploit code will materialize in the next 30 days. For the vulnerability that HAD been publicly disclosed, reliable exploit code is not expected to materialize within the next 30 days.

Applicable workstation operating systems and severity:

• Windows XP-SP3 (32 bit) – CRITICAL
• Windows XP-SP2 (64 bit) – CRITICAL
• Windows Vista-SP2 (32 and 64 bit) – CRITICAL
• Windows 7 base and SP1 (32 and 64 bit) – CRITICAL

Server OS – Bulletin #8

Applicable server operating systems and severity:

• Windows Server 2003-SP2 (32 and 64 bit) – CRITICAL
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – CRITICAL/IMPORTANT*
• Windows Server 2008R2-SP2 (64 bit) and Itanium – CRITICAL/IMPORTANT*

*NOTE – Server core operating system affected – See the following URLS for details – http://technet.microsoft.com/en-us/library/ee441255%28WS.10%29.aspx or http://technet.microsoft.com/en-us/library/ff698994%28WS.10%29.aspx

For the following Server operating systems, severity is classified as IMPORTANT if Server Core installation option is used: Server 2008 SP2 (32 and 64 bit), Server 2008R2 (64 bit)

Workstation/server OS – Bulletin #9 – two vulnerabilities in Windows Ancillary Function Driver- http://technet.microsoft.com/en-us/security/bulletin/ms12-009

NOTE – Elevation of privilege (to exploit this vulnerability, an attacker would require valid logon credentials and be required to login locally).  Privately disclosed vulnerability. Reliable exploit code expected within the next 30 days now the vulnerability has been made public. First vulnerability (CVE-2012-0149) only affects Windows Server 2003.  Second vulnerability affects all 64 bit versions of current Windows workstation and Server operating systems.

Applicable workstation operating systems and severity:

• Windows XP-SP2 (64 bit) – IMPORTANT
• Windows Vista-SP2 (64 bit) – IMPORTANT
• Windows 7 base and SP1 (64 bit) – IMPORTANT

Server OS – Bulletin #9

Applicable workstation operating systems and severity:

• Windows Server 2003 SP2 (32, 64 bit and Itanium) – IMPORTANT
• Windows Server 2008 SP2 (64 bit and Itanium) – IMPORTANT
• Windows Server 2008R2 base and SP1 – (64 bit and Itanium) – IMPORTANT

Workstation/server OS – Bulletin #10 – Four vulnerabilities in Internet Explorer versions 6-9 http://technet.microsoft.com/en-us/security/bulletin/ms12-010

NOTE – Remote Code Execution vulnerabilities.  None of the vulnerabilities have been disclosed publicly prior to February 14. Likely to see reliable exploit code within the next 30 days now the vulnerabilities are publicly known.

Applicable workstation OS and Web Browsers and severity:

• Windows XP-SP3 (32 bit) – CRITICAL for Internet Explorer versions 7 and 8
• Windows XP-SP2 (64 bit) – CRITICAL for Internet Explorer versions 7 and 8
• Windows Vista-SP2 (32 and 64 bit) – CRITICAL for Internet Explorer versions 7, 8 and 9
• Windows 7 – base and SP1 (32 and 64 bit) – CRITICAL for Internet Explorer 8 and 9

Server OS – Bulletin #10

Applicable workstation operating systems and severity:

• Windows Server 2003-SP2 (32, 64 bit and Itanium) – MODERATE for Internet Explorer version 7 and 8
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – MODERATE for Internet Explorer version 7-9
• Windows Server 2008R2 base and SP1 (64 bit and Itanium) – MODERATE for Internet Explorer version 8 and 9

Application software – Bulletin #11 -  three Cross Site Scripting vulnerabilities in SharePoint and SharePoint foundation – http://technet.microsoft.com/en-us/security/bulletin/ms12-011

NOTE – Elevation of privilege (to exploit this vulnerability, an attacker would require valid logon credentials and be required to login locally).  Privately disclosed vulnerability. Reliable exploit code likely to materialize in the next 30 days. Exposure mitigated for users accessing SharePoint servers with Internet Explorer versions 8 and 9 due to cross site scripting blocking implemented in Internet Explorer (versions 8 and 9).

Applicable application software and Severity –

• Microsoft Office SharePoint 2010 base and SP1 – IMPORTANT
• Microsoft Office SharePoint Foundation 2010 base and SP1 – IMPORTANT

Server OS – Bulletin #12 – one vulnerability in Windows Color Control panel – http://technet.microsoft.com/en-us/security/bulletin/ms12-012

NOTE – Remote code execution. Publicly disclosed vulnerability. Reliable exploit code likely to materialize in the next 30 days.  Not applicable for Windows Client Operating Systems

Applicable Server OSs and severity

• Windows Server 2008-SP2 (32 and 64 bit) – IMPORTANT*
• Windows Server 2008-SP2 (Itanium) – IMPORTANT
• Windows Server 2008R2 – 64 bit – IMPORTANT*
• Windows Server 2008R2 – Itanium – IMPORTANT

*NOTE Server core installation not affected

Workstation/server OS – Bulletin #13 – one vulnerability in Windows C Run-Time Library – http://technet.microsoft.com/en-us/security/bulletin/ms12-013

NOTE – Remote code execution. Privately reported vulnerability. Reliable exploit code likely to materialize in the next 30 days.

Applicable workstation OSs and severity

• Windows XP-SP2 – NOT applicable
• Windows Vista-SP2 (32 and 64 bit) – CRITICAL
• Windows 7-base and SP1 (32 and 64 bit) – CRITICAL

Applicable Server OSs and severity

• Windows Server 2008-SP2 (32, 64 bit and Itanium) – CRITICAL*
• Windows Server 2008R2 base and SP1 (64 bit an Itanium) – CRITICAL*

*Note server core operating system installation affected for 32 and 64 bit versions. Itanium installations not affected.

Workstation/server OS – Bulletin  #14 – one vulnerability in Indeo Codec – http://technet.microsoft.com/en-us/security/bulletin/ms12-014

NOTE – Remote code execution. Publicly reported. Reliable exploit code likely to materialize in the next 30 days.

Applicable workstation OSs and severity

• Windows XP-SP3 – (32 bit) – IMPORTANT
• Windows Vista-SP2 (32 and 64 bit) – NOT applicable
• Windows 7-base and SP1 (32 and 64 bit) – NOT applicable

Applicable Server OSs and severity

• Windows Server 2003-SP2 (32, 64 bit and Itanium) – NOT applicable
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – NOT applicable
• Windows Server 2008R2 base and SP1 (64 bit an Itanium) –  NOT applicable

Application software – Bulletin #15 – five vulnerabilities in Visio 2010 viewer – http://technet.microsoft.com/en-us/security/bulletin/ms12-015

NOTE – Remote code execution. Privately reported. Reliable exploit code likely to materialize in the next 30 days.

Applicable applications and severity

• Microsoft Visio viewer 2010 base and SP1 – (32 and 64 bit) – IMPORTANT

Workstation and Server OSs and Development Tools and Software – Bulletin #16 – one vulnerability in .NET framework (versions 2.0, 3.51 and 4) and Silverlight – http://technet.microsoft.com/en-us/security/bulletin/ms12-016

NOTE – Remote code execution. Publicly reported. Reliable exploit code likely to materialize in the next 30 days.

Applicable workstation OSs and severity

• Windows XP-SP3  (32 and 64 bit) – CRITICAL
• Windows Vista-SP2 (32 and 64 bit) – CRITICAL
• Windows 7 base and SP1 – (32 and 64  bit) – CRITICAL

Applicable server OSs and severity

• Windows Server 2003SP2 – 32, 64 bit and Itanium – CRITICAL
• Windows Server 2008SP2 – 32, 64 bit and Itanium – CRITICAL
• Windows Server 2008R2 base and SP1 – 64 bit and Itanium – CRITICAL

Oracle-Java –

1.6.31 -  http://java.com/en/download/manual.jsp

1.7.03 -   http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html#javasejdk  (as of yet not considered a production release)

The current versions for the various platforms are as follows:

• Windows/Macintosh/Linux/Solaris – 11.1.102.62
• Android 4 – 11.1.115.6
• Android 3 and earlier – 11.1.111.6

With the release of Firefox version 10, Mozilla has also begun deployment of the Extended Support Release – https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal

The Extended Support Release will provide large organizations (such as Universities, Schools, City/State governments) additional time (when compared to Mozilla normal 8 week release cycle), for testing and deployment of new versions. Mozilla has currently proposed that the Extended Support Release versions will be supported for a period of 54 weeks. During that period, critical and important security patches will be applied to Extended Support Releases (and they will appear as point releases coinciding with normal version updates for Firefox and Thunderbird)   However, other enhancements will not be back ported.

The link to download Firefox ESR (for various operating systems) is available at the bottom of the http://www.mozilla.org/en-US/firefox/organizations/faq/ URL.

Additional details about ESR is available at the following URLs
http://www.mozilla.org/en-US/firefox/organizations/
http://www.mozilla.org/en-US/firefox/organizations/faq/  

NOTE: A ESR version of Thunderbird is also available – information (including a download link) on the Thunderbird ESR version is available at: http://www.mozilla.org/en-US/thunderbird/organizations/faq/

Update February 2

Release notes for version 10 can be found at – http://www.mozilla.org/en-US/firefox/10.0/releasenotes/

The following products have security updates included:

• Address book
• Apache
• ATS
• CFNetwork
• ColorSync
• CoreAudio
• CoreMedia
• CoreText
• CoreUI
• Curl
• Data Security
• Dovecot
• filecmds
• ImageIO
• Internet Sharing
• Libinfo
• Libresolv
• Libsecurity
• OpenGL
• PHP
• QuickTime
• SquirrelMail
• Subversion
• TimeMachine
• Tomcat
• WebDAV Sharing
• WebMail
• X11

• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

Security Advisories Relating to Symantec Products – Symantec pcAnywhere Remote Code Execution, Local Access File Tampering

Update – February 1

In the URL below, Symantec has recently rescinded its recommendation to discontinue use of all versions of pcAnywhere. It has also indicated that all customers running a version prior to 12.0 that free upgrades will be offered to version 12.5

http://www.networkworld.com/news/2012/013112-symantec-drops-dont-use-advice-gives-255552.html

Modena also confirmed that customers running versions of pcAnywhere prior to version 12.0 will be offered a free upgrade to 12.5.

“If requested, Symantec will honor an update to version 12.5 for customers using previous versions of the product,” said Modena today. To ask for a free upgrade, users should send the company an email aimed at the pcanywhere@symantec.com address.

All but one of the patches are classified as IMPORTANT. The one exception is classified as CRITICAL on Windows Server 2003 and 2008, Windows XP and Windows Vista operating systems (for Windows 7 and Windows Server 2008R2 installations, the same patch is classified as IMPORTANT) and will require a restart of the specific system being updated.

The primary rationale for the classification of CRITICAL for bulletin #1 on Windows Server 2003, Server 2008 and Windows XP/Vista systems is the vulnerability could allow remote code execution if exploited.

The following details are currently unknown and should be made available on Tuesday:

• If the exploit has been identified to the public
• If the exploit code requires an authenticated account for the vulnerability to be exploited successfully.
• If the vulnerability can be exploited consistently with security features* included in the most current Windows operating (such as Windows Server 2008R2 and Windows 7)

Each of these factors will determine the urgency for the application of the critical patch.

*Security features implemented by default in the most current operating systems include:
http://en.wikipedia.org/wiki/Address_space_layout_randomization
http://en.wikipedia.org/wiki/Data_Execution_Prevention

Update – January 10, 4 p.m.

Additional information has been recently provided detailing the scope of the Microsoft patches released on January 10. It is available at – http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

As originally indicated, Microsoft has only identified one patch as being critical for workstations and servers -  http://technet.microsoft.com/en-us/security/bulletin/ms12-004 . However, one other source (http://isc.sans.edu/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361) has recommended that TWO patches should be applied to workstations immediately  (http://technet.microsoft.com/en-us/security/bulletin/ms12-004 and http://technet.microsoft.com/en-us/security/bulletin/ms12-005 ) and also that the MS12-004 and MS12-005 patches be applied to servers as soon as possible. The ISC-SANs source has also identified patch MS12-002 as critical for workstations.

There are currently no known exploits identified for these vulnerabilities.  However, it is fully expected that exploit code WILL made available within the next 30 days.

The breakdown of vulnerabilities and the potential for exploitation is as follows:

Workstation OS – Bulletin #1 – Security Feature Bypass – http://technet.microsoft.com/en-us/security/bulletin/ms12-001

NOTE – Security Feature Bypass vulnerability. Reliable exploit code is expected. Vulnerability has not been publically disclosed as of this time.

• Windows XP–SP3 32bit – NOT APPLICABLE
• Windows XP-SP2 64bit – IMPORTANT
• Windows Vista-SP2 – 32 and 64 bit – IMPORTANT
• Windows 7 – base and SP1 both 32 and 64 bit – IMPORTANT

Server OS – Bulletin #1 – http://technet.microsoft.com/en-us/security/bulletin/ms12-001

• Windows Server 2003-SP2 (32, 64 bit and Itanium systems) – IMPORTANT
• Windows Server 2008-SP2 (32, 64 bit and Itanium systems) – IMPORTANT
• Windows Server 2008R2- base and SP1 (64 bit and Itanium systems) – IMPORTANT

Workstation OS – Bulletin #2 – http://technet.microsoft.com/en-us/security/bulletin/ms12-002

NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.

• Windows XP-SP3 32bit – IMPORTANT*
• Windows XP-SP2 64bit – IMPORTANT*
• Windows Vista-SP2 – NOT APPLICABLE for 32 or 64 bit Vista systems
• Windows 7-SP1 – NOT APPLICABLE for 32 or 64 bit Windows 7 systems

*NOTE – Identified as CRITICAL for Workstation OSs by SANS – http://isc.sans.edu/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361

Server OS – Bulletin #2 – http://technet.microsoft.com/en-us/security/bulletin/ms12-002

• Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – NOT APPLICABLE for Server 2008 installations
• Windows Server 2008R2-base and SP1 (64 bit and Itanium) – NOT APPLICABLE for Server 2008R2 installations

Workstation OS- Bulletin #3 – http://technet.microsoft.com/en-us/security/bulletin/ms12-003

NOTE – Elevation of Privilege vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time. Applicable for systems running Asian (Chinese, Japanese or Korean) versions of Windows only

• Windows XP–SP3 32bit – IMPORTANT
• Windows XP-SP2 64bit – IMPORTANT
• Windows Vista-SP2 (32 and 64 bit) – IMPORTANT
• Windows 7-SP1 (32 and 64 bit) – NOT APPLICABLE

Server OS – Bulletin #3 – http://technet.microsoft.com/en-us/security/bulletin/ms12-003

• Windows Server 2003-SP2 – (32, 64 bit and Itanium) IMPORTANT
• Windows Server 2008-SP2 – (32, 64 bit and Itanium) IMPORTANT
• Windows Server 2008R2-base and SP1 – (64bit and Itanium) NOT APPLICABLE for Server 2008R2 installations

Workstation OS – Bulletin #4 – http://technet.microsoft.com/en-us/security/bulletin/ms12-004

NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.

• Windows XP-SP3 (32 bit) – CRITICAL
• Windows XP-SP2 (64 bit) – CRITICAL
• Windows Vista-SP2 (32 and 64 bit) – CRITICAL
• Windows 7-SP1 (32 and 64 bit) – IMPORTANT

NOTE – For workstations, a patch now action is recommended by ISC-SANs for this vulnerability.

Server OS – Bulletin #4 – http://technet.microsoft.com/en-us/security/bulletin/ms12-004

• Windows Server 2003-SP2 (32, 64 bit and Itanium) – CRITICAL
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – CRITICAL
• Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT

Workstation OS – Bulletin #5 – http://technet.microsoft.com/en-us/security/bulletin/ms12-005

NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.

• Windows XP-SP3 (32 bit) – IMPORTANT
• Windows XP-SP2 (64 bit) – IMPORTANT
• Windows Vista-SP2 (32 and 64 bit) – IMPORTANT
• Windows 7-SP1 (32 and 64 bit) – IMPORTANT

NOTE – For workstations, a patch now action is recommended by ISC-SANs for this vulnerability.

Server OS – Bulletin #5 – http://technet.microsoft.com/en-us/security/bulletin/ms12-005

• Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – IMPORTANT
• Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT

NOTE – For server operating systems, the ISC-SANs source assigns a critical classification for this vulnerability.

Workstation OS – Bulletin #6 – http://technet.microsoft.com/en-us/security/bulletin/ms12-006

NOTE – Information Disclosure vulnerability. Reliable exploit code is NOT expected to materialize. Vulnerability has been disclosed publically.

• Windows XP–SP3 32bit – IMPORTANT
• Windows XP-SP2 64bit – IMPORTANT
• Windows Vista-SP2 – 32 and 64 bit – IMPORTANT
• Windows 7 – base and SP1 both 32 and 64 bit – IMPORTANT

Server OS – Bulletin #6

• Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
• Windows Server 2008-SP2 (32, 64 bit and Itanium) – IMPORTANT
• Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT

Anticross Site Scripting Library (aka Anti XCSS) – Bulletin #7 – http://technet.microsoft.com/en-us/security/bulletin/ms12-007

NOTE – Information Disclosure vulnerability. Reliable exploit code is NOT expected to materialize. Vulnerability has been disclosed publically.

Workstation OSs – Bulletin #7

• All current workstation OSs that have the Anti XCSS library implemented

Server OS – Bulletin #7

• All current server OSs that have the Anti XCSS library implemented

Please see details at the following URLs –
http://technet.microsoft.com/en-us/security/advisory/2659883
http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx
http://blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx
http://blogs.technet.com/b/msrc/archive/2011/12/30/december-2011-out-of-band-security-bulletin-webcast-q-amp-a.aspx

Specific details regarding the exploit
General Information
Executive Summary
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

Currently I don’t see version 9 of Thunderbird available for downloading at this time – I expect the web page will be updated shortly.

http://www.mozilla.org/en-US/firefox/all.html – All language versions available at this link.

http://www.mozilla.org/en-US/thunderbird/all.html  – All language versions available at this link.

http://www.seamonkey-project.org/releases/seamonkey2.6/ -

Additional details.

http://secunia.com/advisories/47302/

Criticality level   Highly critical

Impact Unknown

Exposure of sensitive information

System access

Where   From remote

Software:

Mozilla Firefox 8.x

Mozilla Thunderbird 8.x

Description

Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user’s system.

1) Some unspecified errors can be exploited to corrupt memory. No further information is currently available.

2) An error exists within the YARR regular expression library when parsing javascript content.

3) An error within the SVG implementation when SVG elements are removed during a DOMAttrModified event can be exploited to cause an out-of-bounds memory access.

4) The application does not properly handle SVG animation accessKey events when JavaScript is disabled. This can lead to the user’s key strokes being leaked.

5) An error within the plugin handler when deleting DOM frame can be exploited to dereference memory.

NOTE: This vulnerability only affects Mac OS X.

6) An error exists within the handling of OGG <video> elements.

Successful exploitation of vulnerabilities #1 – #3 and #5 may allow execution of arbitrary code.

Solution

Upgrade to version 9.0.