Microsoft drops IE, Windows fixes on Patch Tuesday

Two critical patches listed as highest priority.

Microsoft on Tuesday sprung six patches to correct 19 vulnerabilities across its product line.

It said the most pressing were two of the four "critical" patches, led by MS12-071, which addressed three previously unknown vulnerabilities in Internet Explorer 9. Internet Explorer 10 was not affected.

Like most browser vulnerabilities of this nature, users could be infected by drive-by download.

The other critical fix of note was MS12-075, which involved three privately reported TrueType font file flaws in the Windows kernel.

"Microsoft has been dealing with font issues for a while," said Paul Henry, security and forensic analyst at Lumension.

"TrueType fonts can be embedded all over the place, and Windows kernel mode driver renders the font. If these fonts are embedded in a browser or a Word document, for example, it's rendered in the kernel mode driver and winds up becoming a kernel mode exploit."

In the past, this class of vulnerability has been used to spread sophisticated malware, such as the espionage trojan Duqu.

The other two critical patches addressed two remote-code vulnerabilities in Windows Briefcase, in versions XP through 7, and five bugs in the .NET Framework.

Of the remaining bulletins, one was rated important and involved an Excel flaw, while the other was deemed moderate and corrected a single vulnerability in Internet Information Systems, which "could allow information disclosure if an attacker sends specially crafted FTP commands to the server," according to Microsoft.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition