ID: IRCNE2012061523
Date: 2012-06-13
According to "zdnet", Microsoft warned that cyber-criminals could soon aim exploits at critical security flaws in Internet Explorer browser and Windows to hijack and take complete control of vulnerable machines.
The warning comes as part of this month’s Patch Tuesday where Microsoft released 7 bulletins with fixes for at least 26 documented vulnerabilities affecting the Windows ecosystem.
The company is urging users to pay special attention to MS12-037 and MS12-036, which provides cover for “remote code execution” vulnerabilities that could be used in worm attacks and drive-by downloads without any user interaction.
MS12-037, which affects all supported versions of the IE browser, fixes 13 vulnerabilities that expose users to computer hijack attacks if a user simply surfed to a rigged web site.
The second high-priority bulletin is MS12-036, which covers a dangerous flaw in the way Microsoft implements the Remote Desktop Protocol (RDP) in Windows. “Attack vectors for this issue include maliciously crafted websites and e-mail,” the company warned.
This security update resolves one privately reported vulnerability in the Microsoft .NET Framework.
In addition to the security bulletins, Redmond’s security response team is also releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.
With this new feature, Windows will check daily for updated information about certificates that are no longer trustworthy. In the past, movement of certificates to the untrusted store required a manual update. We encourage all customers to install this new feature immediately.
- 2