- Microsoft was not alone in delivering updates this patch Tuesday. Below is a synopsis of the updates provided by Microsoft, Google and Adobe.
Microsoft Patch Tuesday for August 2012 patches nine security vulnerabilities out of which five are labeled as critical, with updates preventing remote code execution. The remaining updates are labled as important updates.
Critical Microsoft Updates
• Cumulative Security Update for Internet Explorer – This update patches the exploit in Internet Explorer that allows the attacker to gain elevated user privileges via remote code execution in specific crafted webpages.
• Vulnerability in Remote Desktop Could Allow Remote Code Execution– This patch prevents a remote code from being executed when the attacker sends a modified RDP packet.
• Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution – This update patches a vulnerability that allows remote code execution when a specially crafted response is sent to Windows print spooler.
• Vulnerability in Windows Common Controls Could Allow Remote Code Execution– The vulnerability in Windows Common Controls allows remote code execution when the user visits a website that is crafted to exploit this software vulnerability.
• Vulnerabilities in Microsoft Exchange Server Web Ready Document Viewing Could Allow Remote Code Execution– This patch fixes the vulnerability that allows remote code execution in the security context of the transcoding service on the Exchange server.
Microsoft Non-Critical Important Patches
• Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
• Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution
• Vulnerability in Microsoft Office Could Allow Remote Code Execution
• Vulnerability in Microsoft Visio Could Allow Remote Code Execution
3rd Party Application Patches
• Google has released Chrome 21.0.1180.77, a release that fixes many security and stability issues.
• Adobe released Flash 11.3.300.271 which fixes the vulnerability that allows attackers to crash the application and take control of user system by executing malicious code distributed through a Word document. This update also fixes a vulnerability in ActiveX, a version of Adobe Flash player in Internet Explorer.
• Adobe also released Adobe Reader 10.1.4, Acrobat 9.5.2 and Shockwave 184.108.40.2066 which fixes a memory corruption vulnerability which could allow remote code execution.
• Oracle Java also released JRE 7u6 & JRE 6u34.
For a comprehensive list of recent 3rd party updates, check out this table.