Microsoft eliminates 26 vulnerabilities in Windows

By -

During the update on 14-Tuesday August, Microsoft released nine security bulletins. The corresponding updates include a total of 26 vulnerabilities in Windows, Internet Explorer, Office and Exchange, as well as in several other Microsoft products.

Five of the nine security bulletins address vulnerabilities that Microsoft classifies as critical. You can allow an attacker to inject and execute code. For three security updates, Microsoft gives the highest priority (DP: Deployment Priority) to 1. They should be installed immediately. These are MS12-060, MS12-052 and MS12-054.

The Security Bulletins from 14 August 2012 in detail

MS12-052:   Cumulative Security Update for Internet Explorer
removes the security update for Internet Explorer four critical vulnerabilities and includes all previous updates (cumulative update). Attacks that attempt to exploit these vulnerabilities are not known.
MS12-053:   Vulnerability in Remote Desktop Protocol
This update fixes another vulnerability in the Remote Desktop Protocol (RDP), which applies only to Windows XP (32 bit). An attacker could send specially crafted RDP packets and thus trigger an access to an object in memory that has already been deleted. He can inject and execute code.
MS12-054:   Vulnerabilities in Windows Networking Components
This bulletin addresses four vulnerabilities in all versions of Windows. They relate to the print queue and the remote administration protocol. The risk rating of “critical” is for Windows XP and Server 2003, because only here it is possible to inject code. Vista is Microsoft’s second highest level of risk to high for the rest of the Windows versions of “medium”, because the gaps are good only for DoS attacks (Denial of Service).
MS12-055:   Vulnerability in Windows Kernel-Mode Driver
A vulnerability in the kernel mode driver win32k.sys all versions of Windows that allows a registered user to gain elevated privileges.
MS12-056: Vulnerability in JScript and VBScript scripting engines
In 64-bit Windows versions can be exploited a vulnerability in JScript 5.8 and VBScript 5.8, to execute injected code. This would be a potential victim brought to a specially crafted Web page using Internet Explorer menu.
MS12-57:   Vulnerability in Microsoft Office
A vulnerability Microsoft Office 2007 and 2010 can be exploited using crafted CGM image files.If such a file is opened with a vulnerable Office program can be run injected code.
MS12-058:   Vulnerabilities in Microsoft Exchange Server
Exchange Server 2007 and 2010 contain 13 security vulnerabilities in the Oracle Outside Indate. Microsoft has licensed specially adapted versions of these libraries from Oracle. The Oracle vulnerabilities were recently at the Black Hat security conference publicized. Susceptible to the transcoding service for Exchange WebReady Document Viewing when used for Outlook Web Access generated (OWA) is a preview of a prepared mail attachment. After installing the update, no reboot is necessary.
MS12-059:   Vulnerability in Microsoft Visio
when opening specially crafted DXF files in Visio 2010 or Visio Viewer 2010 can be run injected code with the privileges of the logged in user. The Drawing Interchange Format (DXF) is known primarily from AutoCAD.
MS12-060:   Vulnerability in Windows Common Controls
A vulnerability in the system file mscomctl.ocx that could allow an attacker to inject and execute code. For this he needs to lure a potential victim to a malicious Web page. Susceptible to a wide range of Microsoft products. It ranges from Office (2003, 2007, 2010) on SQL Server, Commerce Server and Host Integration Server to Visual FoxPro and Visual Basic. There are already targeted attacks using crafted RTF files known.
Microsoft also has its Malicious Software Removal Tool in the new version 4.11 provided.In addition, an update available for Windows, the use of certificates with RSA keys limits that are shorter than 1024 bits. The update will not apply until October will be distributed via Windows Update. Details Microsoft calls the Security Advisory 2661254

He has over 5 years of experience as Online Media and Marketing Consultant, which allow him to enable companies to enhance and meet their Digital marketing goals. He has experience as both in-house and Agency Digital Marketing Experts. Ha has spent the most recent 4 years of his career focusing building Strong terms of Digital Marketing for his clients. In addition to his strengths on Building Brands and Serving Online Marketing strategy for his clients.

Comments are closed.