Microsoft released 9 patches that fix a total of 21 vulnerabilities. Of these vulnerabilities, 13 remote code execution vulnerabilities, 3 elevation of privilege vulnerabilities, and 5 information disclosure vulnerabilities were patched.
- Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
- Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
- Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Antivirus vendors are warning customers of a spreading malware that can infect computers through a well-known bug in the Windows AutoRun software used to automatically launch programs on a DVD or USB device.
IS Decisions's insight:
You should consider disabling AutoRun on all your Windows operating systems and restricting write permissions to file shares ...
Microsoft kicks off another year of bug squashing, delivering seven security bulletins to seal holes in Windows Server 2008 R2 and desktop versions of Windows in the first Patch Tuesday edition of 2012.
The Security Intelligence Report is a biannual report by Microsoft that analyzes past and present security trends. It focuses on “software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches”.
The latest report published yesterday focuses on the first and second quarter of 2011 and compares the findings with data from previous years.
Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.