Microsoft Releases Its April Security Bulletins
Microsoft issued a total of 6 security patches that fix 11 flaws, and the company rated 4 flaws in Office, Internet Explorer, Windows and many more of its products as "critical." One of the critical flaws is already being exploited, according to a pcworld.com report dated April 11, 2012.
Microsoft's update for that critical flaw is MS12-027. The flaw, reportedly found in Windows Common Controls, can allow malware to be executed remotely if the user is made to visit a malicious website.
The bug can also be exploited through 'drive-by downloads,' which trigger the flaw automatically when users of Internet Explorer (IE) access a malicious website.
Microsoft explained that the flaw arises when IE has the ActiveX control MSCOMCTL.OCX enabled, and that it corrupts the computer's functioning in a way that lets an attacker run arbitrary malware.
Elia Florio, an engineer with the Microsoft Security Response Center, stated that Microsoft gave MS12-027 its highest priority for April 2012 because it knew of only a few targeted attacks exploiting the CVE-2012-0158 security flaw via maliciously crafted Office documents, pcworld.com reported.
Furthermore, the MS12-025 update addresses a 'critical' vulnerability that allows remote execution of malware on a client system if the user views a maliciously crafted web page in any browser that runs XBAPs (XAML Browser Applications).
Another bulletin, MS12-023, rated 'critical,' addresses many vulnerabilities in all supported editions of IE. These vulnerabilities pose a high danger if cyber-criminals use them to spread malware via the Web, a method that is already extremely popular among them. Exploits for these holes may appear soon.
Yet another patch from Microsoft, MS12-024, fixes a critical hole in Windows' Authenticode Signature Verification, which verifies software by means of digital signatures.
Alongside the critical security updates, Microsoft released MS12-026 for 'important' flaws in Microsoft Forefront UAG (Unified Access Gateway). Exploiting the more severe of these flaws can disclose information after the attacker sends a maliciously crafted request to the UAG system.
Finally, bulletin MS12-028 addresses an 'important' flaw that allows remote code execution when Web users view a maliciously crafted Microsoft Works file within the Office suite.
» SPAMfighter News - 18-04-2012