Microsoft to release seven bulletins next week
Posted on 08 June 2012.
The Microsoft Security Bulletin Advance Notification for June 2012 lists seven bulletins, three of which are rated “critical” and four “important.” The three critical alerts all allow attackers to remotely execute code. With all the recent security news, it’s likely organizations need to roll up their sleeves this month anyway.

Bulletin 1 affects all modern Windows distributions, which means it will affect both business and consumers.

Bulletin 2 is also labeled as critical and affects Internet Explorer 7, 8, and 9. When it comes to remote code execution, browser exploits provide the most bang for buck.

Bulletin 3 is a critical vulnerability that affects Microsoft Windows and the .NET Framework. We've seen several vulnerabilities related to .NET recently. In the past, these types of vulnerabilities exploit systems if a user views a specially crafted webpage using a web browser.

Bulletin 4, which is labeled as important, will likely patch a vulnerability related to how Microsoft Office handles Visual Basic. A victim will likely be compromised if they are duped into opening malicious documents or files.

Bulletin 5 is related to Microsoft Dynamics AX 2012, which is a Microsoft enterprise resource planning software product. Bulletin 5 is labeled as important. The actual usage of this product is uncertain; however, it's safe to assume this vulnerability will not affect a huge number of organizations or consumers. If successfully exploited, this bulletin would result in an escalation of privileges.

Bulletins 6 and 7 are rated important and affect Microsoft operating systems, which could result in an escalation of privileges if successfully compromised. These are the types of bugs which can be exploited at kiosks and other types of multi-user terminals. Bulletin 6 is applicable to all modern Windows operating systems, while Bulletin 7 affects several of the Windows operating systems but not all, which is a bit strange. Both Bulletins 6 and 7 will affect both business and consumers.


Author: Marcus Carey, security researcher at Rapid7.





Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //