Microsoft’s Security Update Fixes Critical Windows Flaw
Microsoft issued 6 security patches this month (March 2012), fixing 7 flaws in its software applications and rating one flaw as "critical," 4 as "important" and 1 as "moderate," SCMagazine reported on March 13, 2012.
The company's security update MS12-020 is the only bulletin rated "critical." It addresses 2 privately reported flaws in RDP (Remote Desktop Protocol), which administrators ordinarily use to establish remote connections with PCs elsewhere.
These flaws are particularly attractive to online attackers, so Microsoft expects them to develop attack code within 30 days that would execute malware by abusing the flaws, state Jonathan Ness and Suha Can of Microsoft Security Response Center Engineering, as SCMagazine reported.
Two more bulletins are MS12-021, which plugs a hole in Visual Studio, and MS12-022, which repairs a problem in Microsoft Expression Design, a product that lets vector graphics be used in Web-related software. An attacker exploiting the former vulnerability can escalate privileges by obtaining legitimate credentials, while exploiting the latter can allow remote malware execution.
Another bulletin, MS12-019, fixes a fault in Windows' DirectWrite that may cause the program to crash if the attacker sends a maliciously designed Unicode sequence via the victim's messenger window.
Further, Microsoft says, one important patch, MS12-017, affects Windows Server 2003, 2008 R2 and 2008. It addresses a DoS vulnerability that an attacker could otherwise abuse by sending a malicious DNS query to a DNS server.
In addition, MS12-018 affects various Windows Server and Windows versions. It patches a flaw whose exploitation allows privilege escalation if maliciously designed software is executed. Rated only "important," this bulletin relates to a breach that can happen only when the attacker acquires valid credentials for the target computer or gains local access.
Citing the stated flaw, Andrew Storms, director of security operations at San Francisco-based nCircle, advised installing the patch immediately or else enabling Network Level Authentication in RDP, which would significantly lessen the possibility of attack because an effective assault would then require valid credentials. CRN published this on March 13, 2012.
» SPAMfighter News - 22-03-2012