Update Tuesday overview for September 2012

As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important.

These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products:

  • MS12-061 (Visual Studio Team Foundation Server) This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. This bulletin is rated Important for Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1.
  • MS12-062 (System Center Configuration Manager) This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The bulletin is rated Important for Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.

Neither of the issues addressed is known to be under active exploit in the wild – and, on another positive note, neither bulletin requires customers to restart their machines.

In this video, Yunsun Wee discusses this month’s bulletins in further detail, focusing on these two bulletins as well as on an important announcement concerning a certificate-related advisory to be released in October:

As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).

Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index (click for larger view).

More information about this month’s security updates can be found on the Microsoft Security Bulletin summary web page.

Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Dustin Childs and Andrew Gross.  I invite you to tune in and learn more about the September security bulletins. The webcast is scheduled for Wednesday, September 12, 2012 at 11 a.m. PDT, and the registration can be found here.

For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.

Thank you,

Angela Gunn
Trustworthy Computing.