Today we released seven security bulletins addressing 20 CVEs (7 Microsoft and 13 Oracle CVE’s). Only one of the bulletins is rated Critical. The other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
(FAST Search Server for Sharepoint)
(SQL Reporting Services)
In addition to the seven new security bulletins, we have re-released MS12-043 to make available a security update for Microsoft XML Core Services 4.0 on Windows 8. (MSXML4 does not ship with Windows by default but can be included as a redistributable component with installed applications.)
We are also revising security advisory 2661254 to note that the update is now available for all customers over Automatic Updates.
Finally, we are releasing a new security advisory, 2749655, describing potential compatibility issues due to incorrect digital certificate timestamps in recently-released security updates. You can read more detail about that situation in the security advisory and the SRD blog post.
Please let us know if you have any questions about this month’s release. You can email the MSRC Engineering research team at switech [at] microsoft [dot] com or tune in to the monthly webcast tomorrow at 11 a.m. PDT. Click here to register for the webcast.
- Jonathan Ness, MSRC Engineering