Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • Networking

    Microsoft Patch Tuesday Release Fixes Flaws in Internet Explorer, Windows

    By
    Brian Prince
    -
    June 12, 2012
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft patched more than two-dozen security vulnerabilities across several of its products.

      The patches were included in seven bulletins, three of which were rated “critical” and touch issues related to Internet Explorer, .NET Framework and the Remote Desktop Protocol (RDP). The other four bulletins are rated “important,” though like the critical ones they have all been given an exploitability index rating of 1, meaning that the development of exploit code is likely.

      The MS12-037 bulletin, which contains 13 security fixes for Internet Explorer, is being regarded by Microsoft and some security researchers as one of the most important to deploy immediately. One of the vulnerabilities it fixes, CVE-2012-1875, is already being used in limited attacks in the wild. The bulletin also fixes CVE-2012-1876, which was used by VUPEN Security during the PWN2OWN contest held early this year at CanSecWest.

      “This is probably one of the most severe bulletins because exploit code is likely to be created for one or more of these vulnerabilities, which leads to the potential for drive-by malware attacks across all versions of Internet Explorer,” said Marc Maiffret, CTO at BeyondTrust. “This, in our opinion, is one of the more important sets of patches to roll out as soon as possible.”

      Another critical bulletin garnering attention is MS12-036, which addresses a flaw in Remote Desktop that could enable remote-code execution if an attacker sends a sequence of specially crafted RDP packets to a vulnerable system. RDP is not enabled by default in Windows, however, and systems that do not have it enabled are not at risk.

      “This relates to MS12-020, which had organizations on high alert in March after Microsoft issued warnings that the vulnerability could be weaponized to result in widespread attacks,” noted Marcus Carey, security researcher at Rapid7.

      “Up to now, MS12-020 has only been exploited as a reliable denial-of-service attack; however, from what I understand, MS12-036 may offer a more reliable attack vector for exploitation. The silver lining is that after MS12-020, many organizations took preventative measures to disable RDP, especially at egress points in their networks. If organizations must run RDP on the Internet, they should test and deploy MS12-020 patches as soon as possible.”

      The final critical bulletin dealt with a .NET Framework vulnerability that could permit remote-code execution if a user views a malicious Web page using a browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions.

      In addition to the bulletins, Microsoft also released an advisory regarding a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0. According to Microsoft, the issue exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory and ultimately allow an attacker to execute code. In a blog post, Angela Gunn of Microsoft’s Trustworthy Computing Group said that the investigation into the vulnerability is ongoing. However, the company has released a workaround for anyone who believes they are affected.

      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×