As we mentioned last week, this month’s Patch Tuesday includes the release of what Microsoft calls an updater feature for Windows Vista and 7. This updater automatically checks for and flags untrusted certificates from time to time. The checking relies on a list of untrusted certificates that Microsoft updates. Trend Micro Deep Security users, on the other hand, must apply the rule 1005040 – Detected Unauthorized Digital Certificate to protect against components of the FLAME malware, which were known to use Microsoft certificates.
Of the seven bulletins released this month, three are rated Critical while the rest are rated Important. The Critical-rated bulletins are updates for Remote Desktop Protocol, versions 6 to 9 of Internet Explorer, and several versions of Microsoft .NET Framework. The vulnerabilities in these Microsoft products and components allow remote code execution when successfully exploited. Users should apply the patches for these vulnerabilities immediately, whenever possible.
As guidance for Trend Micro Deep Security users, a complete list of rules and information on the bulletins can be found in this Threat Encyclopedia page.