ID: IRCNE2012071549
Date: 2012-07-12
According to "zdnet", Microsoft released a critical security patch to cover a zero-day flaw that was being used by "nation-state attackers" to hijack Gmail accounts.
The vulnerability, originally disclosed on June 13, affects Microsoft XML Core Services and can be exploited to launch remote code execution attacks.
The MS12-043 bulletin headlines a heavy Patch Tuesday that includes nine bulletins -- three critical, six important -- covering 16 documented software vulnerabilities.
This month's patch batch covers dangerous security holes in the Windows operating system, the Internet Explorer browser, Visual Basic for Applications and Microsoft Office.
The company is also urging Windows users to pay special attention to MS12-045, a critical bulletin that covers a remote code execution flaw haunting Microsoft Data Access Components (MDAC).
"The issue exists in all versions of Windows, and users of any version of Internet Explorer would potentially be vulnerable to it; however, we received word of this issue through private disclosure and we have no evidence that it is publically known or under exploit in the wild. Still, we recommend that customers read the bulletin information and apply it as soon as possible," Microsoft said.
The other six bulletins are all rated "important" and affects Windows, Visual Basic for Applications, and Office, including SharePoint and Office for Mac.
- 2