As always Microsoft has released a batch of fixes for its products on the second Tuesday of the month. This month there are eight patches for Windows and one for Macintosh.
The most awaited fix is MS12-043 that closes a hole in Microsoft XML services that has been exploited in the wild for several weeks. This bug allows compromised web sites to execute malicious code on your computers and should be priority number one this month.
There are two other critical fixes, MS12-044 and MS12-045, both of which can result in remote code execution. MS12-044 only affects Internet Explorer 9, while MS12-045 is a bug in MDAC/WDAC which impacts all users of Internet Explorer.
The remaining patches cover vulnerabilities rated as important or moderate. After reviewing the information provided by Microsoft, I concur. Impacted products include VBA, Windows kernel, Windows shell, TLS, SharePoint and Office 2011 for Mac.
Some of these vulnerabilities are already being exploited, while others will be researched and put into action in short order. If you are one of the “wait and see” patch delayers, I encourage you to take action as quickly as possible.
Individuals should find install these fixes using Windows Update, while users of WSUS and other patching tools should see them available now.