Microsoft’s February 2012 Bulletins Comprise 9 Patches for 21 Flaws
Microsoft has issued a batch of 9 security patches that fix critical vulnerabilities in its Windows operating systems and Internet Explorer browser, among other products, The H Security reported in news dated February 15, 2012.
According to the company, 4 of the latest patches plug critical holes in Internet Explorer (IE), Windows, Silverlight and .NET, including one problem in the kernel-mode drivers of Windows that was publicly disclosed in December 2011.
One particularly critical bulletin is MS12-010, a cumulative security bulletin for IE that fixes 4 privately reported flaws in IE versions 6-9.
Exploiting these flaws lets an attacker execute malware on the computer of an end-user who opens a specially crafted website in IE. A similar flaw, addressed by MS12-013, lies in a runtime library called msvcrt.dll and allows malware to run if the affected end-user opens a maliciously designed movie file. The remaining critical bulletins (MS12-016 and MS12-008) fix flaws in Silverlight, the .NET environment and the Windows kernel, all of which also allow execution of malware.
Disturbingly, any hacker who successfully exploits these flaws gains the same privileges as the targeted computer's user.
Meanwhile, Microsoft's No. 2 critical bulletin, MS12-013, fixes the C Runtime Library, which provides programming routines on systems running the Windows OS. The flaws found in this library can leave any PC without the patches installed vulnerable to running arbitrary malware.
An important vulnerability was detected in a DLL component, namely the C Runtime Library; fortunately, it could be exploited only while Windows software was running.
Among the remaining 5 important bulletins are MS12-014 and MS12-012, which resolve DLL pre-loading problems in the Indeo codecs and the Color Control Panel respectively. Finally, MS12-011 patches an elevation-of-privilege vulnerability in Microsoft SharePoint; exploitation requires a specially crafted website, after which a hacker who has gained the user's privileges could steal data.
Finally, Microsoft recommends that all customers upgrade their products immediately to ensure they are protected against potentially malicious activity, particularly since, according to security specialists, bulk exploitation targets older unpatched flaws and seldom aims at zero-days.
» SPAMfighter News - 21-02-2012