In association with heise online

11 April 2012, 11:02

Patch Tuesday closes critical Windows, Office and IE holes


As expected, on Tuesday 10 April Microsoft released six security bulletins that address a total of 11 vulnerabilities in its products, eight of which are considered to be critical. Four of the bulletins address critical holes in all supported versions of Windows, Internet Explorer (IE), the .NET Framework, Office and SQL Server, as well as Microsoft Server and Developer tools. All of these bugs could be exploited by attackers to remotely inject and execute malicious code on a victim's system via a specially crafted file.

One critical bulletin, MS12-024, notes a privately reported vulnerability which could allow attackers to modify existing signed executable files. Another, MS12-027, addresses an issue in Microsoft's common controls, which are used in numerous Microsoft applications; it can be exploited to allow remote code execution when a user visits a malicious site or opens an email attachment. An Internet Explorer bulletin, MS12-023, affects all supported versions of IE and closes five holes: one that occurs when printing a specially crafted HTML page and four that occur when IE accesses deleted objects in various situations. The rating for these holes is either critical or moderate depending on the combination of operating system and IE version. Finally, MS12-025 closes a vulnerability in the .NET Framework which allows attackers to "take complete control of an affected system".

The remaining two bulletins are rated as "Important" by Microsoft; they fix an additional remote code execution problem in Office and an information disclosure issue in Microsoft's Forefront Unified Access Gateway (UAG).
