Patch Tuesday Fixes Critical Holes

Thursday, February 16, 2012 @ 02:02 PM gHale

On Patch Tuesday, Microsoft released nine bulletins, four of them rated critical, to close 21 holes in its products.

The critical vulnerabilities were in Windows, Internet Explorer, .NET and Silverlight, including an issue in the Windows kernel-mode drivers that became publicly known in December last year.

The company advises those responsible for prioritizing update deployment to focus on the critical patches for Internet Explorer and the C Runtime Library in Windows, as an attacker could exploit these to remotely execute arbitrary code on a victim’s system. For an attack to be successful, a user must first visit a malicious web page or open a specially crafted file. The other critical bulletins fix issues in .NET and Silverlight, as well as the Windows kernel. Microsoft said it has yet to see any active attacks exploiting those issues.

Rated as “important”, the remaining five bulletins correct remote code execution and privilege escalation issues.

These include six vulnerabilities in SharePoint and the Ancillary Function Driver in Windows that could allow elevation of privileges. Also closed were five holes in the Windows Color Control Panel, an issue in the Indeo Codec included with Windows, and five problems in Visio Viewer (part of Microsoft Office) that could allow remote code execution.

An overview of all of these updates, including descriptions of each of the vulnerabilities, can be found in the Microsoft Security Bulletin Summary for February 2012.
