Last Updated on Wednesday, 15 August 2012 17:00 Published on Wednesday, 15 August 2012 17:00
Microsoft and Adobe have unleashed a series of software updates today, plugging a ton of security holes. The latest Patch Tuesday consists of nine bulletins including five rated as critical and four deemed important. One of the bulletins, MS12-060, addresses a flaw in all supported editions of Office that is being exploited in the wild and allows remote code execution if a user visits a site or opens an email containing unsavory code.
Another bulletin, MS12-052, fixes four privately disclosed flaws in Internet Explorer that could also lead to remote code execution, while MS12-053 and MS12-054 solve issues related to the Remote Administration Protocol and the Print Spooler, and MS12-058 patches the recently-revealed KB2737111 flaw in Exchange Server 2007 and 2010. From what we can gather, none of these vulnerabilities are being actively exploited.
All told, the update addresses 27 bugs in Office 2003, 2007 and 2010 (minus x64 builds), SQL Server 2000 Analysis Services, SQL Server 2000 (except Itanium editions), SQL Server 2005 (except the Express Edition but including Express Edition with Advanced Services), SQL Server 2008 and 2008 R2, Commerce Server 2002, 2007, 2009 and 2009 R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 and 9.0, as well as Visual Basic 6.0 Runtime.
Meanwhile, Adobe's quarterly update brings a newer version of Flash Player for Windows, Mac OS X and Linux users. The patch fixes a critical flaw (CVE-2012-1535) that is being exploited by attackers through a malicious Microsoft Word document that targets the ActiveX version of Flash Player for Internet Explorer. Other OS and browser users are still strongly encouraged to install the latest version, which can be downloaded here (don't sweat it if you're a Chrome user, as the browser updates Flash automatically). Adobe also offers updates for Shockwave, Reader and Acrobat. [techspot]