Half of these vulnerabilities were found to affect Internet Explorer

Jun 13, 2012 12:04 GMT

On Tuesday, Microsoft pushed out a new batch of security updates for several products that have been discovered to suffer from various vulnerabilities.

A total of seven bulletins were included in this month’s update, three of which are rated Critical, while the other four are deemed Important. Overall, these bulletins patch no fewer than 26 vulnerabilities.

The three Critical bulletins patch security issues that could result in Remote Code Execution and that affected Microsoft Windows, Internet Explorer, and Microsoft .NET Framework.

Bulletin MS12-036 was issued to resolve a vulnerability in the Remote Desktop Protocol that could have been exploited by sending a sequence of specially crafted RDP packets to an affected system. Computers on which Remote Desktop Protocol was not enabled were not affected.

The second bulletin in the suite, MS12-037, was delivered as a Cumulative Security Update for Internet Explorer and was meant to patch no fewer than 13 vulnerabilities in the application.

“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user,” Microsoft explains.

Bulletin MS12-038 came with a patch for an issue in .NET Framework that could allow remote code execution on a client system, provided that the user views a specially crafted webpage in a web browser capable of running XAML Browser Applications (XBAPs).

Of the four Important bulletins in June 2012’s update, one could allow for remote code execution, while the other three could result in Elevation of Privilege, if exploited successfully.

Bulletin MS12-039 was issued to patch a publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Lync, which could have been exploited if the user viewed shared content that included specially crafted TrueType fonts.

The fifth bulletin in the update suite, MS12-040, was meant to resolve one privately reported vulnerability in Microsoft Dynamics AX Enterprise Portal. The issue affected Microsoft Dynamics AX and could allow elevation of privilege when a user clicked a specially crafted URL.

Bulletin MS12-041 came to resolve five privately reported vulnerabilities in Microsoft Windows. These flaws could have been exploited only if the attacker had valid logon credentials and was logged in locally.

The last of the bulletins, MS12-042, was issued to fix one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. Both could have been exploited only locally and only with valid logon credentials.

These security updates have already started to arrive on Windows PCs through the Windows Update service. Users who have the feature enabled will receive them automatically; those who do not will need to update their systems manually.
