Microsoft patches vulnerabilities in Office, Internet Explorer and Windows


Continuing its series of monthly patch updates, some being “regular” scheduled releases and some being “out of band”, Microsoft has so far released six bulletins this month with four of the total being listed as “critical updates”.


Vulnerabilities have been highlighted (and subsequently addressed) in Microsoft Office, Internet Explorer, the .NET developer Framework, and Windows itself, as well asa variety of the company’s Server and Developer tool products.


Focused on potential weaknesses that could lead to “remote code execution” the updates affect versions of Windows, from Windows XP Service Pack 3 edition right up to Windows Server 2008 R2. The single critical update for Internet Explorer spans versions 6, 7, 8 and 9 of the browser.


Bulleting ID’s and summaries


MS12-023 is intended to resolve five “privately reported” vulnerabilities in Internet Explorer. Microsoft specifies that the most severe vulnerabilities could allow remote code execution if a user views a specially crafted (and compromised) webpage using Internet Explorer.


MS12-027 is intended to resolve problems with what Microsoft calls Windows common controls which could be exploited via a compromised website. This vulnerability relies on an attacker being able to convince users to visit a malicious website, typically via a link or email (or instant) message, but also transmittable via an attachment if a user can be persuaded to open the compromised file.


MS12-028 is a security update designed to resolve a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. Three other bulletin updates are also included in this month’s patch reports.


As comprehensive as Microsoft’s updates still appear to be for its legacy operating systems, the company has detailed that it will stop supporting XP in April of 2014. This will represent a significant event for many as reports suggest that Windows XP still has an installed base of around 35% worldwide, with particularly high percentages seen in some parts of Asia at over 70%.