Patch Tuesday

[JMH]

June looks like a busy month for Microsoft, having set out to correct 27 vulnerabilities in total with the majority of the critical updates related to the company's web browser, Internet Explorer. As is the trend these days, Microsoft is patching most of the software due to holes in the software which allow for remote code execution and elevation of privilege by external intruders.

The updates will be available for download later today (Tuesday 12th June 2012) globally, but for most users who have Windows Update on automatic, they need not worry. Obviously those who update their computers or networks manually, we recommend updating as soon as possible.

Below is an overview of the affected software in this month's 'Patch Tuesday':

http://www.neowin.net/news/patch-tu...&utm_campaign=Feed:+neowin-main+(Neowin+News)

 

[zigzag3143]

Nice find thanks. Only 4 of them apply to win 8 RC. Two were netframework.

 

[JMH]

[h=1]Microsoft overhauls certificate management in response to Flame PKI hack[/h]

As part of its monthly “Patch Tuesday” security updates for June, Microsoft announced changes in how Windows manages certificates. These changes include a new automatic updater tool for Windows 7 and Windows Vista that will flag stolen or known forged certificates. This shift will have a huge impact on companies and software vendors who use Microsoft’s implementation of public key infrastructure as part of their authentication and software distribution—especially if they haven’t followed best practices for certificates in the past.

The changes come on the heels of revelations about the recently discovered Flame malware, which used a rogue certificate authority that masqueraded as Microsoft in order to hijack the Windows Update mechanism. On June 8, Microsoft made changes to its Update service to prevent such attacks in the future. The changes announced on June 11 go even further, moving to blunt the use of stolen or forged certificates of any kind from being used by malware writers and other attackers.

http://arstechnica.com/security/201...ate-management-in-response-to-flame-pki-hack/

 

[JMH]

Patch Tuesday June 2012 - Critical updates for IE, RDP, .NET, Flash and Java

As always Microsoft has released a batch of patches on the second Tuesday of the month. This month you will find seven bulletins have been released, three of which are critical and four important.

The critical ones really are critical this time around. The first, MS12-036, reminds me of MS12-020 back in March which we feared would turn into an RDP worm.
Fortunately it only resulted in denial of service, but MS12-036 may be the one we feared the last go around.

http://nakedsecurity.sophos.com/201...Feed:+nakedsecurity+(Naked+Security+-+Sophos)

 

[JMH]

Attention all Windows users: patch your systems now

Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible.

The exploit of a critical IE bug, reported by researchers from antivirus provider McAfee, means there are two newly disclosed vulnerabilities in Microsoft products under attack. On Tuesday, Microsoft warned of a separate vulnerability in all supported versions of Windows that was also actively being exploited.

http://arstechnica.com/security/2012/06/windows-users-patch-now/

 

[zigzag3143]

Microsoft scrambles as it patches 26 bugs, warns users of active attacks

Microsoft on Tuesday patched 26 vulnerabilities, including one in Internet Explorer (IE) that's already being exploited. The company also warned customers of a new zero-day attack and quashed yet another instance of a bug that the Duqu intelligence-gathering Trojan leveraged.

http://www.itworld.com/windows/2810...it-patches-26-bugs-warns-users-active-attacks