July 2012 Microsoft Super Tuesday
Posted by Shane Garrett on July 10, 2012 at 11:33 AM EDT.
Microsoft released nine bulletins this July. Below are our thoughts on the three bulletins we thought the most relevant which were also rated critical by Microsoft. It is extremely important to apply the MS12-043 update as this vulnerability is seeing active exploitation.
- MS12-043 : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- MS12-045 : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution
This bulletin addresses a vulnerability, CVE-2012-1891,, in the Microsoft Data Access Components. This vulnerability in the use of uninitialized data can be exploited for remote code execution. Exploit script code can be placed into a web-page, allowing for attacker supplied code to be run when rendering a malicious site. This update should be definitely be applied.
- MS12-044 : Cumulative Security Update for Internet Explorer
This bulletin addresses two vulnerabilities in Internet Explorer, both of which could be exploited to gain remote code access. Both of these are related to dynamic manipulation of DOM. Though not publicly disclosed, these vulnerabilities could be reverse engineered and imbedded into web-pages. This and any critically rated remote code execution bugs in Internet Explorer should be patched quickly.