Surface RT Firmware Update & Other Security Update Released; Microsoft Explains 'Verifying KB Update Hashes'

Six security bulletins that include - "four Critical, one Important, and one Moderate - addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel," released today."Three of these patches will be for Windows 8 and Windows RT. Four of the six updates are rated Critical and […]

Six security bulletins that include - "four Critical, one Important, and one Moderate - addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel," released today.

"Three of these patches will be for Windows 8 and Windows RT. Four of the six updates are rated Critical and address 13 vulnerabilities in Windows 8, Windows RT, and Windows Server 2012."

Surface RT Firmware Update Delivered, Patch Tuesday November 2012

Also, Microsoft today released the first firmware update for Surface RT. "Weighs in at 400KB, the update is expected to improve stability and performance."

The company' also providing an update for MS12-046 (Visual Basic), which is now listed as available in the advisory. And, MS12-062 (System Center Configuration Manager 2007) released to address an issue in the localization of resource files. "Users who have already successfully installed the English versions of this update do not need to take any action," MSRC stated.

Here are the four non-security-specific updates delivered to Surface RT today:

For more information about November's security updates, check out Microsoft Security Bulletin Summary web page, and the video below for an overview:

In another blog entry, MSRC team explained the process of verifying update hashes stating,

"some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. Though most people will not find the need to go to these lengths as automatic updates stream line the process of providing a secure means of distributing updates, we continually work to raise the bar as part of our ongoing drive to evaluate defense-in-depth efforts and provide improvements."

"From PowerShell you can easily leverage the .Net Cryptographic Services to define a get-sha256 function."

function get-sha256 {param($file);[system.bitconverter]::tostring([System.Security.Cryptography.sha256]::create().computehash([system.io.file]::openread((resolve-path $file)))) -replace "-",""}

Here is how to verify the hashes for the MS12-071:

"After downloading the msu files we can simply iterate through the directory listing getting the sha2 hash for each file. If you prefer not to use the .Net Cryptographic Services you could also verify sha1 hashes with the File Checksum Integrity Verifier utility available in KB 841290," explained MSRC.