Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patches 26 Vulnerabilities in August Security Update

Microsoft released nine security bulletins today addressing 26 vulnerabilities in its products.

Five of the bulletins are rated ‘critical’, and cover issues in Windows, Internet Explorer, Microsoft SQL Server, Microsoft Exchange, Server Software and Developer Tools. From a priority standpoint, Microsoft recommended organizations deploy three critical updates first – MS12-060, MS12-052 and MS12-054.

Microsoft released nine security bulletins today addressing 26 vulnerabilities in its products.

Five of the bulletins are rated ‘critical’, and cover issues in Windows, Internet Explorer, Microsoft SQL Server, Microsoft Exchange, Server Software and Developer Tools. From a priority standpoint, Microsoft recommended organizations deploy three critical updates first – MS12-060, MS12-052 and MS12-054.

Microsoft Patch Tuesday August 2012“At the top of the Microsoft list is another MSCOMCTL-related bug,” said Andrew Storms, director of security operations at nCircle.

Storms was referring to MS12-060, which addresses a vulnerability in Windows common controls that could enable remote code execution through drive-by downloads.

 “There is some good news this month—that the attack vector associated with the MSCOMCTL patch is an RTF file—and the victim has to explicitly open the file to allow the exploit,” he said. “If you can’t get this patch rolled out or mitigation applied quickly, you should remind users about the dangers of opening attachments from unknown persons.”

MS12-052 addresses four vulnerabilities affecting Internet Explorer. None of them are known to be under attack, however successful exploitation via drive-by downloads could result in remote code exaction. Like MS12-052, MS12-054 also addresses four vulnerabilities, though in this case in Microsoft Windows. The most severe of the bugs could enable an attacker to remotely execute code if the attackers send a specially-crafted response to a Windows print spooler request.  

“MS12-054 contains a sprint spooler bug with a potentially wormable condition, Storms said, meaning attackers are going to focus carefully on the vulnerability “to uncover all of its potential.”

“This is something that predominately affects small business and campus locations where Windows computers are configured in workgroups,” he said. “If this describes your business, deploy this patch as soon as you can.”

Advertisement. Scroll to continue reading.

The other two critical bulletins deal with vulnerabilities in Microsoft Exchange Server WebReady Document Viewing and the Remote Desktop Protocol.  By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system, and systems that do not have RDP enabled are not at risk, according to Microsoft.

The remaining bulletins are rated ‘Important’ and address issues in Windows and Office.

In the video below, Qualys CTO Wolfgang Kandek and Amol Sarwate, vulnerability labs director at Qualys, discuss the Microsoft Patch Tuesday release for August 2012, along with other updates released by Adobe.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.