Patch Tuesday June 2012 - Critical updates for IE, RDP, .NET, Flash and Java


As always, Microsoft has released a batch of patches on the second Tuesday of the month. This month seven bulletins have been released, three of which are critical and four important.

The critical ones really are critical this time around. The first, MS12-036, reminds me of MS12-020 back in March, which we feared would turn into an RDP worm. Fortunately it only resulted in denial of service, but MS12-036 may be the one we feared the last go-around.

Microsoft have assigned this vulnerability an exploitability index of one, suggesting that it is possible to use it to get remote code execution reliably. Hopefully all of you have blocked internet access to RDP-enabled servers in response to MS12-020.

MS12-037 is a critical fix with an exploitability index of one for Internet Explorer versions six through nine. Microsoft advises applying this one as soon as possible. It also fixes one of the flaws discovered during this year's Pwn2Own contest at CanSecWest 2012.

The last of the critical advisories, MS12-038, impacts the .NET Framework component of most Windows systems. It affects an odd bunch of versions, but like the first two patches it is critical with an exploitability index of one. Don't ask twice, apply it now.

Other MS advisories fix flaws in Microsoft Dynamics, a couple of Windows kernel flaws and Microsoft Lync. An important rating may convey less urgency, but it would be prudent to apply them all where appropriate.

Adobe released fixes for Flash Player and ColdFusion today. As usual, get your latest Flash Player updates from http://get.adobe.com/flashplayer or configure Flash to automatically install updates (recommended).

Oracle and Apple have released updates for Java, bringing the latest releases to Java 6 update 33 and Java 7 update 5. These fixes address 14 vulnerabilities in Java and can be obtained from Java.com or by checking for updates on OS X Snow Leopard (10.6) and Lion (10.7).

Patch now for a safer browsing experience; it won't be long before these bugs are exploited by our adversaries.


2 Responses to Patch Tuesday June 2012 - Critical updates for IE, RDP, .NET, Flash and Java

  1. Didn't Java switch the consumer version on to the "Java 7" branch already? The version at the "http://java.com/" is Version 7 Update 5. To avoid Java FX installing, use "Windows Offline (32-bit)" at http://java.com/en/download/manual.jsp. (Thanks thetechgeek at the Norton forums for this tip). And the flash update was released last Friday.

  2. Hugh · 863 days ago

    Sorry but I don't know what an RDP server is.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.