Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority. A little about MS12-020:
We understand that our customers need time to evaluate and test all bulletins before applying them. To provide for a bit of scheduling flexibility, we’re offering a one-click, no-reboot Fix it that enables Network-Level Authentication, an effective mitigation for this issue. It applies to Vista, Server 2008, Win7 and Server 2008R2 systems, and you can read all about it on the SRD blog. We’re pleased that the circumstances around this issue -- well-understood, not under active attack, easy-to-apply mitigation – give us the chance to provide both strength and flexibility as customers go about their update routines.
In the video below, Yunsun Wee discusses this month's bulletins, including MS12-020, in further detail.
Below is this month’s deployment priority guidance, to further assist customers in their deployment planning (click for larger view).
Our risk and impact graph shows an aggregate view of March’s severity and exploitability index (click for larger view). Note that MS12-019 does not receive an XI rating.
You can find more information about this month's security updates on the Microsoft Security Bulletin Summary web page.
Per our usual process we’ll offer the monthly technical webcast on Wednesday, hosted by Pete Voss and Dustin Childs. They’ll talk through the March bulletins, discuss changes on the horizon for Technet, and answer any further questions about the NLA Fix it. The webcast is scheduled for tomorrow, March 14, 2012, at 11 a.m. PDT. Click here to register, and as always we look forward to taking your questions live during the webcast.
Thanks, Angela Gunn Trustworthy Computing.