Today, Microsoft released MS12-063 to protect customers against the issue described in Security Advisory 2757760. The security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Microsoft encourages customers to test and deploy the update as soon as possible.
What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin being released (out of band) on September 21, 2012, for new vulnerabilities in Internet Explorer.
Microsoft is also releasing one new security advisory today for Adobe Flash Player in Internet Explorer 10 on Windows 8 and Windows Server 2012.
New Security Bulletin
Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities:
Microsoft Security Bulletin MS12-063
Cumulative Security Update for Internet Explorer (2744842)
This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 2757760.
Severity Ratings and Affected Software
This update requires a restart.
Bulletins Replaced by This Update
New Security Advisor
Microsoft published one new security advisory on September 21, 2012. Here is an overview of this new security advisory:
Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
Internet Explorer 10 on Windows 8 and Windows Server 2012
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.
Public Bulletin Webcast
Microsoft will host a webcast to address customer questions on the new security bulletin:
Resources related to this alert
Security Bulletin MS12-063 –Cumulative Security Update for Internet Explorer (2744842): http://technet.microsoft.com/security/bulletin/MS12-063
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results inan inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.