Security Market Segment LS
Wednesday, 15 August 2012 09:19

Patch Tuesday: Microsoft fixes 26 vulnerabilities

By

Microsoft has released nine security bulletins addressing 26 vulnerabilities in a wide range of software.

Five of this months security bulletins are rated critical and the remainder are classed as important.

A critical vulnerability in Windows Common Controls affects Office (2003, 2007, 2010), SQL Server (2000, 2005, 2008), Commerce Server (2002, 2007, 2009), Host Integration Server (2004), Visual FoxPro (8.0 and 9.0), and Visual Basic 6.0 Runtime.

This vulnerability - which allows remote code execution - has been used in targeted attacks, a Microsoft spokesperson stated.

Four issues with Internet Explorer (6, 7, 8, 9) have been addressed. The severity of these problems ranges from critical to moderate, depending on the version of the browser and the version of Windows that it is running on.

For example, the bulletin is considered critical for IE8 in Windows 7, but moderate for IE7 in Windows Server 2008.

Four vulnerabilities in Windows networking components are addressed this month, with the most serious allowing remote code execution to be triggered by sending a malicious response to a print spooler request.

This bulletin affects all currently supported versions of Windows.

Microsoft recommends that the above three bulletins should be prioritised.

CONTINUED


The other critical bulletins concern Remote Desktop Protocol (affects Windows XP) and Exchange's WebReady document viewing feature (Exchange 2007, 2010).

August's important bulletins affect Windows and Office. A kernel-mode driver vulnerability affects Windows 7, Vista, XP, and Server 2003 and 2008, while flaws in the JScript and VBScript engines need patching on the 64-bit versions of Windows 7, Vista, XP, and Server 2003 and 2008 (including Itanium versions).

The affected versions of Office are 2007 and 2010, plus Visio 2010 and Visio Viewer 2010.

Microsoft has also released an update that restricts the use of certificates with RSA keys of less than 1024 bits, and re-released a July bulletin for XML Core Services to add support for version 5.0.

The previous release only covered XML Core Services 3.0, 4.0 and 6.0,

The customary update to the Malicious Software Removal Tool was also released, along with multiple updates for Windows 7 and Server 2008 R2 to address various non-security issues, and update rollups for Small Business Server 2011, Home Server 2011, Storage Server 2008 R2 Essentials.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments