Latest news
The Microsoft Security Bulletin Advance Notification for June 2012 lists seven bulletins, three of which are rated “critical” and four “important.” The three critical alerts all allow attackers to remotely execute code. With all the recent security news, it’s likely organizations need to roll up their sleeves this month anyway.Bulletin 1 affects all modern Windows distributions, which means it will affect both business and consumers.
Bulletin 2 is also labeled as critical and affects Internet Explorer 7, 8, and 9. When it comes to remote code execution, browser exploits provide the most bang for buck.
Bulletin 3 is a critical vulnerability that affects Microsoft Windows and the .NET Framework. We've seen several vulnerabilities related to .NET recently. In the past, these types of vulnerabilities exploit systems if a user views a specially crafted webpage using a web browser.
Bulletin 4, which is labeled as important, will likely patch a vulnerability related to how Microsoft Office handles Visual Basic. A victim will likely be compromised if they are duped into opening malicious documents or files.
Bulletin 5 is related to Microsoft Dynamics AX 2012, which is a Microsoft enterprise resource planning software product. Bulletin 5 is labeled as important. The actual usage of this product is uncertain; however, it's safe to assume this vulnerability will not affect a huge number of organizations or consumers. If successfully exploited, this bulletin would result in an escalation of privileges.
Bulletins 6 and 7 are rated important and affect Microsoft operating systems, which could result in an escalation of privileges if successfully compromised. These are the types of bugs which can be exploited at kiosks and other types of multi-user terminals. Bulletin 6 is applicable to all modern Windows operating systems, while Bulletin 7 affects several of the Windows operating systems but not all, which is a bit strange. Both Bulletins 6 and 7 will affect both business and consumers.
Author: Marcus Carey, security researcher at Rapid7.
Spotlight
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
