On Update Tuesday, 14 August, Microsoft released nine security bulletins. The corresponding updates fix a total of 26 vulnerabilities in Windows, Internet Explorer, Office and Exchange, as well as in several other Microsoft products.
Five of the nine security bulletins address vulnerabilities that Microsoft classifies as critical. These can allow an attacker to inject and execute code. Microsoft assigns three security updates the highest deployment priority (DP: Deployment Priority) of 1. They should be installed immediately. These are MS12-060, MS12-052 and MS12-054.
The Security Bulletins from 14 August 2012 in detail
The security update for Internet Explorer removes four critical vulnerabilities and includes all previous updates (cumulative update). No attacks that attempt to exploit these vulnerabilities are known.
This update fixes another vulnerability in the Remote Desktop Protocol (RDP), which affects only Windows XP (32-bit). An attacker could send specially crafted RDP packets and thus trigger access to an object in memory that has already been deleted. This allows the attacker to inject and execute code.
This bulletin addresses four vulnerabilities in all versions of Windows. They relate to the print queue and the remote administration protocol. The risk rating of "critical" applies to Windows XP and Server 2003, because only there is it possible to inject code. For Vista, Microsoft assigns its second-highest risk level, "high", and for the remaining Windows versions "medium", because there the vulnerabilities are only good for DoS (denial of service) attacks.
A vulnerability in the kernel-mode driver win32k.sys in all versions of Windows allows a logged-in user to gain elevated privileges.
In 64-bit versions of Windows, a vulnerability in JScript 5.8 and VBScript 5.8 can be exploited to execute injected code. To do so, a potential victim would have to be lured to a specially crafted web page using Internet Explorer.
A vulnerability in Microsoft Office 2007 and 2010 can be exploited using crafted CGM image files. If such a file is opened with a vulnerable Office program, injected code can be run.
Exchange Server 2007 and 2010 contain 13 security vulnerabilities in the Oracle Outside In libraries. Microsoft has licensed specially adapted versions of these libraries from Oracle. The Oracle vulnerabilities were recently publicized at the Black Hat security conference. The transcoding service for Exchange WebReady Document Viewing is vulnerable when it generates a preview of a crafted mail attachment for Outlook Web Access (OWA). After installing the update, no reboot is necessary.
When specially crafted DXF files are opened in Visio 2010 or Visio Viewer 2010, injected code can be run with the privileges of the logged-in user. The Drawing Interchange Format (DXF) is known primarily from AutoCAD.
A vulnerability in the system file mscomctl.ocx could allow an attacker to inject and execute code. To do so, the attacker needs to lure a potential victim to a malicious web page. A wide range of Microsoft products is affected, from Office (2003, 2007, 2010) through SQL Server, Commerce Server and Host Integration Server to Visual FoxPro and Visual Basic. Targeted attacks using crafted RTF files are already known.