[prev in list] [next in list] [prev in thread] [next in thread] 

List:       patchmanagement
Subject:    Re: Out of Band alert for IE --- and a fixit out now
From:       Emin <emin.atac () gmail ! com>
Date:       2012-09-21 17:16:42
Message-ID: CAGN5iaiS4kDU6KK3C9VBCt+C+avd0TKwmmKN5Mnd_yFE0h6XjQ () mail ! gmail ! com
[Download RAW message or body]

Hi, fyi
The bulletin is live@
http://technet.microsoft.com/en-us/security/Bulletin/MS12-063


On Fri, Sep 21, 2012 at 9:51 AM, Henry Arnold <arnoldhf@optonline.net> wrote:
> Here's some more information on the Fix-It.
>
> http://blogs.technet.com/b/srd/archive/2012/09/19/more-information-on-securi
> ty-advisory-2757760-s-fix-it.aspx
>
> Regards,
> Hank Arnold
> Network Administrator - Hospice, Inc.
> http://www.hospiceinc.org
>
>
> MVP (Windows Server - Directory Services)
> http://it.toolbox.com/blogs/personal-pc-assistant/
>
>
> -----Original Message-----
> From: Darryl Roberts [mailto:DarrylJR@itprofessionalservices.net]
> Sent: Wednesday, September 19, 2012 7:10 PM
> To: Patch Management Mailing List
> Subject: RE: Out of Band alert for IE --- and a fixit out now
>
> A Microsoft Fix Ix is typically just automation of something that can be
> done manually or in a policy.  Since the security advisory
> (http://technet.microsoft.com/en-us/security/advisory/2757760) gives very
> little practical workaround advice (other than deploying and correctly
> configuring the Enhanced Mitigation Experience Toolkit), what does the Fix
> It do?  Unfortunately the KB article for the Fix It
> (http://support.microsoft.com/kb/2757760) currently does not explain what
> the Fix It does and just refers back to the security advisory.
>
> Does the Fix It deploy and configure EMET?  Does it set the Internet and
> Local intranet security zone settings to "High" (to block ActiveX Controls
> and Active Scripting in these zones)?  Does it do both?
>
> Changing the Internet and Local intranet security zone settings IMO is not
> very practical and I will not deploy the Fix It if that is what it does.
>
> Darryl J. Roberts
> IT Professional Services, LLC
> "We manage your computer systems so you can manage your business"
> Ventura, CA, USA
> www.itprofessionalservices.net
>
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
> Sent: Wednesday, September 19, 2012 3:21 PM
> To: Patch Management Mailing List
> Subject: Out of Band alert for IE --- and a fixit out now
>
> What is the purpose of this alert?
>
> This is an advance notification for one out-of-band security bulletin that
> Microsoft is intending to release on September 21, 2012. The bulletin
> addresses security vulnerabilities in Internet Explorer.
>
> Microsoft provides advance notification to our customers concerning the
> number of new security updates being released, products affected, and the
> aggregate maximum severity. This is intended to help our customers plan for
> the deployment of these security updates more effectively.
>
> ==================================
> NEW (OOB) BULLETIN SUMMARY
> ==================================
> Bulletin ID: Bulletin 1
> Maximum Severity Rating: Critical
> Vulnerability Impact: Remote Code Execution Restart Requirement: Requires a
> restart Affected Software: Internet Explorer in Windows XP, Windows Server
> 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008
> R2.
>
> Note: The list of affected software above an abstract. To see the full list
> of affected components please click on the "Advance Notification Webpage"
> link below and review the "Affected Software" section.
>
> Although we do not anticipate any changes, the number of bulletins, products
> affected, restart information, and severities are subject to change until
> released.
>
> ==================================
> Bulletin Advance Notification Webpage
> ==================================
> The full version of the Microsoft Security Bulletin Advance Notification for
> this release can be found
> athttp://technet.microsoft.com/security/bulletin/ms12-sep
>
> ==================================
> FIX IT TOOL FOR INTERNET EXPLORER VULNERABILITY RELEASED
> ==================================
> A Fix-it solution for Security Advisory 2757760 is being released today,
> September 19, 2012 through Microsoft KB Article 2757760. See the following
> for more details on the Fix-It Solution:
>
> * Microsoft Security Advisory 2757760 - Vulnerability in Internet Explorer
> Could Allow Remote Code Execution
> -http://technet.microsoft.com/security/advisory/2757760
>
> * Microsoft KB Article 2757760  -http://support.microsoft.com/kb/2757760
>
> ==================================
> BULLETIN RELEASE (OOB) WEBCAST
> ==================================
> Microsoft will host a webcast to address customer questions on the security
> bulletin on September 21, 2012, at 12:00 PM Pacific Time (US & Canada).
>
> Register now for the September 21, 12:00 PM Security Bulletin
> Webcast:https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=10325298
> 52&Culture=en-US
>
>
>
>
> ---
> When posting or replying to messages on this list, please send all emails in
> plain text format.  HTML formatted messages will not be accepted.
>
> PatchManagement.org is hosted by VMware
>
> To unsubscribe send a blank email to
> leave-patchmanagement@patchmanagement.org
> If you are unable to unsubscribe via this email address, please email
> owner-patchmanagement@patchmanagement.org
>
>
>
> ---
> When posting or replying to messages on this list, please send all
> emails in plain text format.  HTML formatted messages will not be accepted.
>
> PatchManagement.org is hosted by VMware
>
> To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
> If you are unable to unsubscribe via this email address, please email
> owner-patchmanagement@patchmanagement.org

---
When posting or replying to messages on this list, please send all
emails in plain text format.  HTML formatted messages will not be accepted.

PatchManagement.org is hosted by VMware

To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org
[prev in list] [next in list] [prev in thread] [next in thread]