On Tuesday, Microsoft issued 6 security bulletins, 4 of them rated critical and 2 rated important. The bulletins fix a total of 11 vulnerabilities in Windows, Microsoft Office, and Internet Explorer.
According to Microsoft, the company has already observed targeted malware attacks taking advantage of the MS12-027 vulnerability. To mitigate the risk posed by these currently circulating targeted attacks, the company is advising users to disable ActiveX controls via the Trust Center Settings > ActiveX Settings option.
The patched vulnerabilities are as follows:
- MS12-023 – Cumulative Security Update for Internet Explorer (2675157)
- MS12-024 – Vulnerability in Windows Could Allow Remote Code Execution (2653956)
- MS12-025 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
- MS12-027 – Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
- MS12-026 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
- MS12-028 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
The severity and exploitability of these flaws are as follows:
End users and corporate users are advised to update their PCs as soon as possible to reduce the likelihood of successful remote exploitation of these vulnerabilities.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.