Microsoft delivers updates to fix 27 flaws in Windows and IE

by Mark Tyson on 12 June 2012, 21:14

Tags: Microsoft (NASDAQ:MSFT), Internet Explorer, Windows 7, Windows Vista, Windows XP Home Edition (SP3)

The latest raft of patches has been made available by Microsoft for its software products, to help keep users safe from malicious software and local/remote attackers. This “Patch Tuesday” has brought fixes to 27 security flaws, 14 in Windows (XP SP3, Vista, 7, Server 2003/2008) and 13 in Internet Explorer. On my Windows 7 64-bit computer system the patches weighed in at 55MB.

If you don’t have Windows Update set to update automatically, it might be worth a manual check right now. The critical updates this month are the following:

MS12-038 | KB2706726 | Vulnerability in .NET Framework Could Allow Remote Code Execution

MS12-037 | KB2699988 | Cumulative Security Update for Internet Explorer

MS12-036 | KB2685939 | Vulnerabilities in Remote Desktop Could Allow Remote Code Execution

Two of the critical updates refer to Remote Code Execution (RCE). With regard to MS12-038, this vulnerability could be exploited by a “specially crafted webpage” and .NET applications can use the same route to bypass Code Access Security restrictions.

Looking at MS12-036, users who don’t have Remote Desktop enabled are not at risk while that preference setting remains. Systems with Remote Desktop Protocol enabled can suffer from a nasty case of RCE “if an attacker sends a sequence of specially crafted RDP packets to an affected system”.



MS12-037 is a big (24MB) cumulative patch for IE. One of the vulnerabilities was known to people outside of Microsoft and 12 others were not publicly reported. Again the worst vulnerabilities could allow RCE “if a user views a specially crafted webpage using Internet Explorer”. And then… “An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user.” It doesn’t matter which version of IE you use: “This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers.”

So get your patches done and keep safe. I am left wondering about Internet Explorer 10 on the Windows 8 release preview systems: are those people getting these or similar security updates? If anyone is currently running the Windows 8 preview, please let us know in the comments.



HEXUS Forums :: 6 Comments

I've just checked for updates and although there were a few, there weren't any security updates.
Are you on Windows 8?
Yes, I'm running the latest version.
cameronlite
Yes, I'm running the latest version.
No security updates offered hopefully means you didn't need them.
Does anyone else know if IE10 suffers from the same vulnerabilities as IE6, 7, 8, 9 do on Win7 prior to today's updates? IE10 seems to be safer in general.
lol IE10, I always remove that rubbish on every fresh OS install.