Windows users are accustomed to the regular security updates for Windows and Internet Explorer that Microsoft pushes on a regular basis. Sure, there are some updates that are marked critical, but it’s pretty tame stuff for the most part. That seemed to not be the case on Tuesday.
Computer World reports that Microsoft pushed out patches for 26 vulnerabilities with 10 of them being marked critical. Many of the bug patches were for vulnerabilities in Internet Explorer, including IE10 in the Windows 8 preview.
The big news here, however, is not the patches, but rather the fact that these vulnerabilities are already being exploited. Microsoft has found that one of the flaws in Internet Explorer 8 has led to attacks on users of the 3-year-old browser. If you use IE8, it’s suggested that you download and install an update called MS12-037 immediately.
Another critical bug that was found and patched in the latest update affected Remote Desktop Protocol. There’s a vulnerability in the program that allows a hacker to send data packets to a system that has RDP enabled. This effects all Windows operating systems from Windows XP SP3 to Windows 7 SP1.
Other major security flaws were found in the Windows .Net framework and kernel drivers. The worrying thing about these particular updates is that Microsoft requires users to download them from their Web site. Most of the patches are not delivered over the automatic Windows Update service that Microsoft uses to push security updates. You can grab the updates to MS12-039 and MS12-040 now.
While Microsoft was busy patching all of the aforementioned problems, it appears that a new kind of attack was spreading. According to Microsoft, the new attack exploits a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0. It only affects those on Internet Explorer by allowing a remote attacker to execute code whenever somebody visits a particular Web page.
Unfortunately, there is no patch for this problem at the moment. Computer World assumes that Microsoft will push out an emergency update before the next scheduled update on July 10. While we may laugh about those that use Internet Explorer, there are still many who use the browser that need to know about these vulnerabilities.
While we wait for the patch, it’s good to remember a few key rules to keeping a computer healthy. Users should remain constantly vigilant and be always suspicious of any links to Web sites that they’re not familiar with. You should always keep your malware definitions up to date. I recommend using either Avast! or Microsoft’s own Security Essentials.