Microsoft fixes five critical security flaws on Patch Tuesday

Microsoft fixes five critical security flaws on Patch Tuesday

Summary: Roll up, roll up, prepare your servers for patching. Microsoft has released fixes for more than two dozen security flaws -- including five critical issues.

SHARE:

Microsoft has released a bevy of software updates to its most popular products in order to protect against the nasties that float around on the Web. 

All in all, 26 vulnerabilities will be patched with Microsoft's latest update. Five are rated critical meaning they should be applied immediately. 

The Redmond, WA.-based software giant said last week in its advance notification that five of the patches are for critical vulnerabilities for workstations and servers alike.

The most important above all is MS12-060 which patches a flaw in Windows Common Control, allowing in hackers from malware-laced Rich Text Format (RTF) documents and Office documents, including through malicious websites.

Three of the patches in total fix flaws that would allow attackers to exploit machines through "specially crafted" webpages. 

"The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability," Microsoft noted.

Kaspersky Labs' Threatpost says this is flaw is being actively exploited.

MS12-052 resolves four reported vulnerabilities in Internet Explorer that would allow hackers to access the computer as the current users permissions level. If users are 'administrators,' this could put at risk the whole computer, including system files.

Other flaws affect Remote Administration Protocol (RAP), Internet Explorer versions 6, 7, 8, and 9, and Windows XP's Remote Desktop Protocol (RDP). Another flaw exists in a module in Outlook Web Access (OWA) part of Microsoft's Exchange email server.

Microsoft has also released an updated version of the Microsoft Windows Malicious Software Removal Tool through the usual update channels, such as Windows Update and Microsoft Update, and Windows Server Update Services. All patches are available through Microsoft's update services and the Download Center.

Put on a fresh pot of coffee and get patching.

Topics: Security, Browser, Malware, Privacy, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

39 comments
Log in or register to join the discussion
  • Let's get this over with, fanboys...

    Why is windows so insecure linux never needs these kinds of patches or virus scanners and there's never any malware and if there is then it's only a trojan which doesn't count and when I patch a linux server I never have to reboot and even if I do then it's only because it was a really big system patch and anyway I never have to patch because linux is completely secure and never has these kinds of vulnerabilities and its free and open and everyone and his dog can read the source code so that means everyone is reading the source code and all these exploits are found before they can cause any damage and if there is an exploit then I can patch it without rebooting and then be completely secure and that's why Linux runs the internet and my phone and my PVR and ZDnet and Google and Facebook and my fridge and my stove and my watch and my car and my Mountain Dew.

    Did I miss anything? No? Good.
    daftkey
    • Why are you so threatened by Linux?

      Really fanbui, you need to ask yourself that question before you go any further.
      CaviarBlack
      • You've got it backwards

        The correct question is why are Linux advocates so threatened by Windows?
        ye
        • If you need to ask that dyslexic question, ye

          Then you've been in the basement too long.
          CaviarBlack
          • Nothing dyslexic about it.

            You had it wrong.
            ye
          • No you still had it wrong

            You read it backwards.

            Or would you rather see it as sdrawkcab?

            lol...
            CaviarBlack
          • Anyway, Linux is overrated.

            I really think Microsoft has a pretty decent shot with Win8. I'm just don't have big enough balls to upgrade from Vista.
            CaviarBlack2
          • You don't have any balls period

            You had them cut off when you had your sex change.

            lol...
            CaviarBlack
      • Oh yes, I almost forgot that one..

        "Why are you so threatened by Linux?"

        Oh yes - how could I forget that one? I'll make sure to append my preemptive comment next time.
        daftkey
    • So who's safe anyhow?

      Why are HOUSES so insecure? Answer: Because thieves have learned people put valuable things in them -- and are ingenious in finding ways to gain entry.

      .
      ka5s@...
  • Let's get this over with, fanboys...

    Why is windows so insecure linux never needs these kinds of patches or virus scanners and there's never any malware and if there is then it's only a trojan which doesn't count and when I patch a linux server I never have to reboot and even if I do then it's only because it was a really big system patch and anyway I never have to patch because linux is completely secure and never has these kinds of vulnerabilities and its free and open and everyone and his dog can read the source code so that means everyone is reading the source code and all these exploits are found before they can cause any damage and if there is an exploit then I can patch it without rebooting and then be completely secure and that's why Linux runs the internet and my phone and my PVR and ZDnet and Google and Facebook and my fridge and my stove and my watch and my car and my Mountain Dew.

    Did I miss anything? No? Good.
    daftkey
    • Wow.. first comment of the day, and already having problems...

      ..way to go ZDnet.
      daftkey
      • If linux is running the internet and ZDNet,

        your problem must have been due to linux! Time to download another linux server patch!
        randysmith@...
        • The irony is not lost

          No doubt, if ZDnet were running this horrible forum software on a Windows server, we'd never be able to keep up with the endless "Windows is screwing up ZDnet" rants.

          The funniest thing - even this horrible forum software doesn't stop some rabid fanatics from pointing out that the website runs on Linux, as if it should be counted as some kind of a win!
          daftkey
          • Yes, and can hold my hands out

            And heal people with my hands. I am GOD.
            CaviarBlack
          • daftkey, you're the one that made the statement

            that this site runs on linux. Are you the rabid fanboi? My point was satirical, but maybe you just don't get that ;-) Let's see if I can explain this - you pointed out linux runs the internet and ZDNet, and then complain that ZDNet does not work, and all this has NOTHING to do with the original article, which was a description of Windows updates.
            randysmith@...
          • I wasn't the first..

            I was merely parroting a common little point that other fanboi's like to trot out as evidence that Linux rules the world, and that said point is rather ridiculous, given the context.

            I'm aware this is an article about Microsoft. See Zack's last article about "Patch Tuesday" to see how quickly the topic of most comments shifts to a Windows vs. Linux debate. Seems the fanatics jump on these articles faster than Steve Wozniak jumps on a twinkie.
            daftkey
          • Still scared by that 2%

            Poor poor daffy

            (sigh)
            CaviarBlack
      • ZDNet has the absolute worst forum software

        They should be embarrassed. They're a technical publication and have forum software which is horrible and easily surpassed by website which have no technical focus what-so-ever. Why ZDNet continues to use garbage forum software is puzzling.
        ye
        • That's your twitchy finger, ye

          You keep hitting the "Submit" button too many times. Just like your pal daffy up above.
          CaviarBlack