Think Information. Think Security.
The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important.

MS12-043 addresses CVE-2012-1889 vulnerability that is actively being exploited in the wild, and Microsoft predicts that MS12-044, critical cumulative Security Update for Internet Explorer that patches vulnerabilities that only affect Internet Explorer version 9 and MS12-045, critical bulletin that patches vulnerabilities in Microsoft Data Access Components (MDAC) that have reliable exploit tagreting vulnerabilities likely added to mass malware kits  such as Blackhole Exploit Kit once reliable code is available within 30 days.

Organizations should be aware that this update only patches MSXML versions 3, 4, and 6.All active exploitation has been leveraging attacks against MSXML version 3.

The three critical bulletins should be tested and patched as soon as possible. Of the important bulletins, MS12-046 which addresses a DLL Preloading vulnerability related to Visual Basic for Applications [VBA] and MS12-048 should be next on everyone's “Must Patch” list. MS12-046 and MS12-048 can both exploit victims who navigate to malicious WebDAV or SMB shares and opens malicious files in the malicious directory. These two bulletins are primed for spear phishing attacks.

Cross-posted from: Help Net Security
9/10/2012 12:08:04 am

Wow! I am really impressed by the way you detailed out everything. It is really going to help me a lot. Thanks for sharing your thoughts so clearly.


Leave a Reply.