14 DAY TRIAL // On Tuesday, April 10th, 2012, Microsoft released a new security patch for its products, as part of the monthly updates it has been pushing out for the past years.
The new security release includes no less than six bulletins, just as announced last week in an advance notification, and patches a total of eight Critical vulnerabilities, along with three other security breaches rendered Important.
The first bulletin in the update, MS12-023, is targeted at Internet Explorer and aims at resolving five flaws discovered in the application.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” Microsoft explains.
The second bulletin, MS12-024, resolves a privately reported vulnerability in Windows that could allow remote code execution, provided that the user installed a specific portable executable (PE) file.
With the new security update, Microsoft also patches a privately reported vulnerability in Microsoft .NET Framework that could allow remote code execution “if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).”
The fourth bulletin in this update rated critical is MS12-027, which is destined to resolve a security issue in Windows common controls, and which affected Microsoft Office, Microsoft SQL Server, Microsoft Server Software, and Microsoft Developer Tools.
Additionally, two important security breaches in Microsoft Forefront United Access Gateway were resolved with bulletin MS12-026, while another one affecting Microsoft Office was patched with the MS12-028 update.
“Today we released 6 security bulletins. Four have a maximum severity rating of Critical with the other two addressing Important class vulnerabilities,” Jonathan Ness, MSRC Engineering, notes in a blog post.
When it comes to prioritizing the deployment of these updates, Microsoft notes that the MS12-027 update should be installed first, followed by MS12-023, MS12-024 and MS12-025. The MS12-028 and MS12-026 bulletins rated Important can be installed last.
Also as part of this software update, Microsoft released a new version of its Malicious Software Removal Tool, which is available for download from Softpedia as well, via this link.
Specific info on each of the security patches included in this update can be found in Microsoft’s Security Bulletin Summary for April 2012.
