Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patch Tuesday Swats 21 Security Bugs

Microsoft released fixes for 21 security vulnerabilities as part of this month’s Patch Tuesday.

The vulnerabilities are covered in nine separate bulletins, including four that are rated ‘Critical.’ The most serious of the updates is MS12-010, opined Jim Walter, manager of the McAfee Threat Intelligence Service at McAfee Labs. Aimed at Internet Explorer, the update fixes four privately reported vulnerabilities.

Microsoft released fixes for 21 security vulnerabilities as part of this month’s Patch Tuesday.

The vulnerabilities are covered in nine separate bulletins, including four that are rated ‘Critical.’ The most serious of the updates is MS12-010, opined Jim Walter, manager of the McAfee Threat Intelligence Service at McAfee Labs. Aimed at Internet Explorer, the update fixes four privately reported vulnerabilities.

“The Internet Explorer bulleting should be considered a top priority, as there’s a risk of code execution attacks,” Walter said. “If not attended to, browser exploits can be particularly harmful.”

MicrosoftOther security experts however said MS12-013 – which resolves a bug in the Microsoft C runtime-library – is the most interesting.

“At first glance, this bulletin looks like bad news, but so far the only attack vector is via Microsoft Media Player,” noted Andrew Storms, director of security operations for nCircle. “Patch this one right after you patch Internet Explorer—attackers will probably have exploits for this very shortly.”

The other critical bulletins include MS12-008, which addressed two vulnerabilities in Windows, and MS12-016, which fixes issues affecting the .NET Framework and Microsoft Silverlight that can be exploited to allow an attacker to remotely execute code.

The other five bulletins were rated ‘Important’, and affect Windows, Microsoft Office and Microsoft Server Software.

“Organizations should expect the trend of web browser and media player exploits to continue,” said Marcus Carey, security researcher at Rapid7. “Regardless of announced vulnerabilities, organizations should enforce policy and processes that reduce risk related to browser and media player exploits. The problem with browser and media player compromises is that the end-user is unaware that they have been compromised, which can lead to the kind of long term breaches we see reported in the news these days.”

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.