Microsoft fixes five critical security flaws on Patch Tuesday

Summary:Roll up, roll up, prepare your servers for patching. Microsoft has released fixes for more than two dozen security flaws -- including five critical issues.

Microsoft has released a bevy of software updates to its most popular products in order to protect against the nasties that float around on the Web. 

All in all, 26 vulnerabilities will be patched with Microsoft's latest update. Five are rated critical meaning they should be applied immediately. 

The Redmond, WA.-based software giant said last week in its advance notification that five of the patches are for critical vulnerabilities  for workstations and servers alike.

The most important above all is MS12-060 which patches a flaw in Windows Common Control, allowing in hackers from malware-laced Rich Text Format (RTF) documents and Office documents, including through malicious websites.

Three of the patches in total fix flaws that would allow attackers to exploit machines through "specially crafted" webpages. 

"The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability," Microsoft noted.

Kaspersky Labs' Threatpost says this is flaw is being actively exploited.

MS12-052 resolves four reported vulnerabilities in Internet Explorer that would allow hackers to access the computer as the current users permissions level. If users are 'administrators,' this could put at risk the whole computer, including system files.

Other flaws affect Remote Administration Protocol (RAP), Internet Explorer versions 6, 7, 8, and 9, and Windows XP's Remote Desktop Protocol (RDP). Another flaw exists in a module in Outlook Web Access (OWA) part of Microsoft's Exchange email server.

Microsoft has also released an updated version of the Microsoft Windows Malicious Software Removal Tool through the usual update channels, such as Windows Update and Microsoft Update, and Windows Server Update Services. All patches are available through Microsoft's update services and the Download Center.

Put on a fresh pot of coffee and get patching.

Topics: Security, Browser, Malware, Privacy, Windows

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.