Microsoft to release seven bulletins next week
Posted on 08 June 2012.
The Microsoft Security Bulletin Advance Notification for June 2012 lists seven bulletins, three of which are rated “critical” and four “important.” The three critical alerts all allow attackers to remotely execute code. With all the recent security news, it’s likely organizations need to roll up their sleeves this month anyway.

Bulletin 1 affects all modern Windows distributions, which means it will affect both business and consumers.

Bulletin 2 is also labeled as critical and affects Internet Explorer 7, 8, and 9. When it comes to remote code execution, browser exploits provide the most bang for buck.

Bulletin 3 is a critical vulnerability that affects Microsoft Windows and the .NET Framework. We've seen several vulnerabilities related to .NET recently. In the past, these types of vulnerabilities exploit systems if a user views a specially crafted webpage using a web browser.

Bulletin 4, which is labeled as important, will likely patch a vulnerability related to how Microsoft Office handles Visual Basic. A victim will likely be compromised if they are duped into opening malicious documents or files.

Bulletin 5 is related to Microsoft Dynamics AX 2012, which is a Microsoft enterprise resource planning software product. Bulletin 5 is labeled as important. The actual usage of this product is uncertain; however, it's safe to assume this vulnerability will not affect a huge number of organizations or consumers. If successfully exploited, this bulletin would result in an escalation of privileges.

Bulletins 6 and 7 are rated important and affect Microsoft operating systems, which could result in an escalation of privileges if successfully compromised. These are the types of bugs which can be exploited at kiosks and other types of multi-user terminals. Bulletin 6 is applicable to all modern Windows operating systems, while Bulletin 7 affects several of the Windows operating systems but not all, which is a bit strange. Both Bulletins 6 and 7 will affect both business and consumers.


Author: Marcus Carey, security researcher at Rapid7.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //