Microsoft has issued the usual Patch Tuesday round of updates, but this time – guess what? Windows 8 updates are included, as well as updates for RT. Isn’t that wonderful?
19 flaws have been fixed in this round of updates, spread across six bulletins this month. These bulletins are listed as MS12-071 through MS12-076. Four are rated critical and two of them urgent.
Some have asked whether Internet Explorer 10 is vulnerable yet. Not at this time: it is not affected by the current set of three related flaws in Internet Explorer 9.
However, a font parsing flaw has been found, which could affect Windows 8, as noted in CVE-2012-2897.
Here is a general list of the latest vulnerabilities fixed in the current round:
- Internet Explorer: CRITICAL
- Windows Shell Remote Code Execution: CRITICAL
- Microsoft Internet Information Services (IIS): URGENT
- .NET Framework vulnerabilities, affecting multiple versions: CRITICAL
- Kernel Mode Drivers: CRITICAL
- Microsoft Office Excel Remote Code Execution: CRITICAL
Patch Tuesday this month (June 2012) was quite a show of vulnerability patching.
From Microsoft Updates to Oracle Updates!
Java Standard Edition needed patching big time, Oracle notes. 14 vulnerabilities were found recently, which prompted the update. It is recommended to patch immediately from Java.com, because six of the vulnerabilities received the highest possible Common Vulnerability Scoring System (CVSS) rating.
12 of the 14 vulnerabilities are remotely exploitable if left unpatched, which means they present a HUGE security risk!
This update addresses security vulnerabilities in the Java Development Kit (JDK) and Java Runtime Environment (JRE) version 7 update 4 and earlier, JDK and JRE version 6 update 32 and earlier, JDK and JRE update 35 and earlier, JDK and JRE 1.4.2 update 37 and earlier, and JavaFX 2.1 and earlier.
Oracle gives credit for reporting these vulnerabilities to Adam Gowdiak of Security Explorations, Andrei Costin of Secunia, Chris Ries of TippingPoint, and Clayton Smith of Entrust.
Microsoft Windows Updates
3 critical updates + 4 important updates = 7 total bulletins that were addressed.
Here is a rundown of the critical updates:
- MS12-036 – remote desktop vulnerability: an attacker could obtain the credentials to perform attacks through the Remote Desktop Protocol (RDP).
- MS12-037 – cumulative security update for Internet Explorer, which addressed 1 public and 12 private vulnerabilities.
- MS12-038 – a .NET Framework issue in XAML browser applications (XBAP), where an attacker can execute code remotely if credentials are right.
Overall, Patch Tuesday this time around was a huge hit.
Now, get to work on the updates: