• Please be sure to read the rules and adhere to them. Some banned members have complained that they are not spammers. But they spammed us. Some even tried to redirect our members to other forums. Duh. Be smart. Read the rules and adhere to them and we will all get along just fine. Cheers. :beer: Link to the rules: https://www.forumsforums.com/threads/forum-rules-info.2974/

Patch Tuesday for 16 holes in MS products

muleman

Gone But Not Forgotten
GOLD Site Supporter
Microsoft drops surprise IE patch, fixes under-attack Windows zero-day

Summary: Patch Tuesday: Redmond ships nine bulletins to fix 16 dangerous security holes in Microsoft Windows, Internet Explorer, Visual Basic for Applications, and Microsoft Office.

By Ryan Naraine for Zero Day | July 10, 2012 -- Updated 19:25 GMT (12:25 PDT)

6Comments
1 Vote



inShare​
more +



Microsoft today released a critical security patch to cover a zero-day flaw that was being used by "nation-state attackers" to hijack Gmail accounts.

The vulnerability, originally disclosed on June 13, affects Microsoft XML Core Services and can be exploited to launch remote code execution attacks if a Windows user simply surfs to a maliciously crafted website using Internet Explorer.

The MS12-043 bulletin headlines a heavy Patch Tuesday that includes nine bulletins -- three critical, six important -- covering 16 documented software vulnerabilities.

This month's patch batch covers dangerous security holes in the Windows operating system, the Internet Explorer browser, Visual Basic for Applications and Microsoft Office.

The Internet Explorer update is a surprise. Microsoft typically patches the IE browser every other month (last month's updates featured a major IE fix) but because of the severity of two critical vulnerablities, the company decided to go back-to-back with patches for the world's most widely deployed browser.

Here's the skinny on the Internet Explorer bulletin, via the MSRC blog:


  • MS12-044 (Internet Explorer): This security update addresses two Critical-class, remote-code-execution issues affecting Internet Explorer. As with the MDAC issue, these two vulnerabilities were privately disclosed to us and we have no indication that they’re under exploit in the wild. As with the others, recommend that customers read the bulletin information and apply it as soon as possible. We have by the way increased our Internet Explorer resources to the point where we will be able to release an update during any month instead of on our previous, bi-monthly cadence. We look forward to your feedback on the change.
The company is also urging Windows users to pay special attention to MS12-045, a critical bulletin that covers a remote code execution flaw haunting Microsoft Data Access Components (MDAC)

"The issue exists in all versions of Windows, and users of any version of Internet Explorer would potentially be vulnerable to it; however, we received word of this issue through private disclosure and we have no evidence that it is publically known or under exploit in the wild. Still, we recommend that customers read the bulletin information and apply it as soon as possible," Microsoft said.

The other six bulletins are all rated "important" and affects Windows, Visual Basic for Applications, and Office, including SharePoint and Office for Mac.
 

nixon

Boned
GOLD Site Supporter
Tired /retired asked me to post this to you ......
Shoulda bought a Mac !:whistling:
 
Top