Patch Tuesday this month (June 2012) was quite a show of vulnerability patching.
From Microsoft Updates to Oracle Updates!
Java Standard Edition needed patched big time, Oracle notes. 14 vulnerabilities were found recently, which ensured the update. It is recommended to patch immediately from Java.com, because six of the vulnerabilities received the highest possible common vulnerability scoring system (CVSS) rating.
If 12 out of 14 vulnerabilities stay unpatched, they are remotely exploitable, which means they present a HUGE security risk!
This update addresses security vulnerabilities in the Java development kit (JDK) and runtime environment (JRE) version 7 update 4 and earlier, JDK and JRE version 6 update 32 and earlier, JDK and JRE update 35 and earlier, JDK and JRE 1.4.2 update 37 and earlier, and JavaFX 2.1 and earlier.
Oracle gives credit for reporting these vulnerabilities to Adam Gowdiak of Security Explorations, Andrei Costin of Secunia, Chris Ries of TippingPoint, and Clayton Smith of Entrust.
Microsoft Windows Updates
3 critical updates – 4 important updates = 7 total bulletins that were addressed.
Here is a rundown of the critical updates:
- MS12-036 – remote desktop vulnerability: an attacker could obtain the credentials to perform attacks through the Remote Desktop Protocol (RDP).
- MS12-037 – cumulative security update for Internet Explorer…addressed 1 public and 12 private vulnerabilities.
- MS12-038 – This is a .NET Framework issue in XAML browser applications (XBAP), where an attacker can execute remote code if credentials are right.
Overall, Patch Tuesday this time around was a huge hit.
Now, get to work on the updates: