Microsoft issued nine bulletins fixing 16 vulnerabilities in the July 2012 edition of Patch Tuesday. Three of the bulletins received Microsoft’s most severe ‘critical’ rating, while the remaining six were deemed merely ‘important.’
First and foremost among the critical patches is MS12-043, a fix for the publicly disclosed and widely publicized XML core services vulnerability that was actively exploited last month. Affecting Microsoft Windows, Office, Developer Tools and Server Software, it allowed attackers to execute code remotely after tricking victims into visiting a malicious website in Internet Explorer.
MS12-044, also critical, is a cumulative security update for Internet Explorer resolving two privately reported bugs that, if unpatched, could allow an attacker to remotely execute code if a user visits a specially crafted webpage using Internet Explorer. Successful exploitation could grant the attacker user-rights, which, as always, will be more troublesome for users who operated with administrative rights.
The final critical bulletin, MS12-045, resolves one privately disclosed vulnerability in the data access components of Windows. Like the previous bulletin, this could potentially lead to remote code execution if the user visits a specially crafted website and allow the attacker to gain the same user rights as the current user.
The remaining ‘important’ bulletins resolve 12 vulnerabilities altogether, specifically, one bug in Visual Basic for Applications and another in the Windows Shell that could allow for remote code execution. The fix also covers two elevation of privilege vulnerabilities in Windows Kernel-Mode Drivers, six in SharePoint, and one more in Office for Mac, in addition to an information disclosure bug in TLS.
You can find the entire TechNet announcement here.
