Microsoft's April Security Update Includes 4 'Critical' Fixes

April's security update arrived today, packing six bulletins for 11 flaws. Four of the six fixes have been categorized as "critical" - Microsoft's most severe level. Microsoft defines a critical security issue as "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action."

That said, IT shops may want to prioritize bulletin MS12-027, as it secures a zero-day vulnerability in the Windows Common Control that could lead to a remote code execution attack if left unpatched.

"The 'deploy now' bulletin this month is MS12-027, a bulletin affecting the Windows Common Controls," explained Andrew Storms, director of security operations at security firm nCircle. "This component is included in so many Microsoft programs it affects almost every Microsoft user on the planet."

Along with affecting every version of Windows, this fix should be a high priority because, according to Storms, the vulnerability has already been seen in the wild by Microsoft.

The attack works when a user visits a specially crafted Web site, which assists an attacker in accessing a system and remotely installing malicious code. The affected programs include versions of Microsoft Office, SQL Server, Commerce Server and some Microsoft developer tools, such as Microsoft Visual FoxPro and the Visual Basic 6.0 runtime.