Microsoft Releases Over 20 Fixes for Range of Windows Vulnerabilities

Windows 7 Security Fixes

Mostly routine maintenance for Microsoft as 23 fixes are available for download..

Aside from one critical vulnerability, Microsoft has released 23 fixes for a range of Windows services

Yesterday, May 8, Microsoft released 23 fixes for vulnerabilities across SkyDrive, Microsoft Windows, Office and the .NET framework. A particular security flaw exposed potentially billions of users to attacks, and Microsoft has said all Windows users receiving the update should download it immediately.

That update is called MS12-034, and has been described as critical by Microsoft. It patches 10 security holes, so Microsoft has been quick to close the holes. The update patches three publicly disclosed exploits and privately reported exploits that have been reported across the aforementioned services. Some updates would allow remote code access if not applied, hence the warning from Microsoft. Remote code access basically means an attacker could gain acess to a computer, though it’s to be stressed that some flaws require user credentials and a local log-in. So there’s no reason to worry ifi the updates are applied.

The attackers are using traditional methods to gain access to computers, which I’m sure everyone is aware of: sending links to malicious websites through e-mail or IM programs. Basically, don’t click on them and you’ll be fine.

Microsoft also says the MS12-029 update should be applied immediately, which patches a flaw in Office. Again, the company warns users to be aware of malicious website and e-mails.

Other patches

The MS12-030 updates fixes one publicly disclosed and five privately disclosed issues in Office. These also allow for remote code execution provided the attacker gains the log-in rights, though that’s a big if. Also, Microsoft says the less user rights mean that less damage can be done. A similar Office flaw, patched through MS12-031 update, grants attackers access to computers if a Visio file is opened. The implications are the same as the 030 Office update if not applied.

The 032 update allows attackers to gain access to computers by running a specific application. The 033 update is the flaw which I mentioned can also be exploited if a local login is gained and user credentials are known, and the update patches and exploit in Windows.

Aside from the critical update, don’t worry: just backup and update. It’s around 100MB.

Published: Wednesday, May 9th, 2012 Last Modified: May 9, 2012

Related Posts

Rate This Article