November 2012 Security Bulletin Webcast Q&A
Hosts: Jeremy Tinder, Security Program Manager
Dustin Childs, Group Manager, Response Communications
Chat Topic: November 2012 Security Bulletin ReleaseDate: Wednesday, November 14, 2012
Q: For MS12-076 (Excel) - Does "Office File Validation" help mitigate this?
A: Office File Validation does capture some of the CVE’s listed in the bulletin. It doesn’t cover all of them. You can find this information in the bulletin.
Q: Can Windows RT devices be patched from WSUS for devices that are used internally that have no Windows Update Access?
A: No. Windows RT devices can't get the updates from WSUS. Windows RT devices only get the updates from Windows Update
Q: Is the version number for Windows RT going to be updated like Windows, as opposed to Windows Mobile/Phone? When security updates are applied to Windows Mobile/Windows Phone, the version number is updated so it's easy to know what security fixes are applied. It appears from the bulletin that we can only tell if Windows RT is updated via System Center.
A: If the version number in this question is about the binary version number, the answer is yes. The version number for Windows RT binaries will be updated and you can search on the start screen for the binary and check the version number.
Q: After installing the original Security Advisory 2749655 on Windows XP SP3, I am getting unsigned code warning when installing 3rd party WHQL signed drivers such as NVidia video drivers, is this fixed by the re-release?
A: Microsoft Security Advisory 2749655 applies only to first-party packages signed and distributed by Microsoft. We would also like to start reminding everyone that Windows XP will go out of support in April 2014.
Q: Can you get into more details regarding how to deploy MS12-073? Is it true WSUS does not detect servers needing this update and it needs to be deployed manually?
A: Depending on your configuration, you may have to manually apply KB2716513. If you have FTP 7.0 or FTP 7.5 installed as a non-default scenario (OOB), then WSUS will not detect and offer the update. However, for default scenarios of FTP 7.0 and FTP 7.5 KB2716513 is detected and offered via Windows Update.
Q: MS12-072 is not offered to all Windows Server 2008, 2008 R2, or 2012 servers. The security bulletin does not indicate eligibility criteria for the update to be offered. Amongst my servers, I found that the update is offered to servers where the Desktop Experience Feature is present. Can you confirm this is correct, or if there's any additional applications/features that need to be present for this update to be offered?
A: Yes, this is correct. KB2727528 will be offered only when the optional Desktop Experience is installed and enabled.
Q: Any update on the replacement for MBSA for Windows 8 and Windows Server 2012?
A: At this time there are no plans to replace the MBSA for Windows 8 and Windows Server 2012.
Q: Can Flash binaries be completely removed/uninstalled from Internet Explorer 10 to reduce the attack surface? If not can it be disabled via Group Policy Object (GPO) or a Fix-it?
A: The Flash Binaries cannot be completely removed from Internet Explorer 10 with Control Panel. But it can be disabled through the Manage Add-ons dialog box. And it can also be disabled with GPO. Please see the TechNet article “Internet Explorer 10 FAQ for IT Pros”, you can search for flash to find the QA.
Q: How do we verify and audit security bulletins have been installed on Windows Server 2012 and Windows 8 since the MBSA scanner doesn't support these operating systems?A: Two of the detection and deployment tools that Microsoft provides, System Center Configuration Manager and WSUS 3.0, are capable of making an automated determination of update applicability. We would also encourage customers to use the file version information that is provided in the KB articles associated with the update to make the determination manually.
Q: MS12-024 has had issues with Citrix and Microsoft has released a fix. But guidance is only to install the fix if the issue occurs. My question is, does the fix actually create a vulnerability? Is Microsoft planning on releasing an update to MS12-024?
A: Hotfix 958476 was released to address connectivity issues with the RDP update offered in MS12-024. The hotfix does not introduce a vulnerable condition and currently Microsoft does not have plans to re-release MS12-024.