A total of 21 vulnerabilities fixed with 9 bulletins

Feb 15, 2012 10:39 GMT
Microsoft patches critical vulnerabilities with February 2012 security update

Today, Microsoft started to deliver a new security update for its users, solving a total of 21 vulnerabilities that have been reported in its products.

The new security update includes no fewer than 9 bulletins, four of which are rated Critical, while the other five are rated Important.

On February 9th, Microsoft released an advance bulletin notification announcing the upcoming release of this security update, and has now delivered more detailed information on the matter.

The four Critical security bulletins included in today’s update address nine vulnerabilities in Windows Kernel-Mode Drivers, Internet Explorer, the C Run-Time Library, and .NET Framework and Microsoft Silverlight. They affect Windows, Internet Explorer, and apps relying on .NET Framework and Silverlight.

These critical vulnerabilities were either privately reported or publicly disclosed and could allow Remote Code Execution, provided that the user visited a specific web page or viewed a specially crafted media file.

“An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user,” Microsoft announced.

The five Important security bulletins in the new update address 12 vulnerabilities in Ancillary Function Driver, Microsoft SharePoint, Color Control Panel, Indeo Codec and Microsoft Visio Viewer 2010 that affected Windows, Office and Server Software.

The first two of these bulletins fix five vulnerabilities that could allow Elevation of Privilege if an attacker “logs on to a user's system and runs a specially crafted application” or “if a user clicked a specially crafted URL.”

The other three bulletins fix vulnerabilities that could allow Remote Code Execution. An attacker could gain the same rights as the logged-on user and run arbitrary code, install applications, or view, change, or delete data.

The new security update has already started to arrive on Windows PCs with the Automatic update feature turned on. Those who do not have this feature enabled should perform a manual update of their systems.

Detailed information on these bulletins and the vulnerabilities they resolve can be found in Microsoft’s Security Bulletin Summary for February 2012.