Microsoft patches critical IE and Remote Desktop flaws
Microsoft has released its June “Patch Tuesday” security update, fixing three critical and four important issues in its software.
The three critical patches are for Remote Desktop, Internet Explorer and .NET Framework – and according to experts, “the critical ones really are critical this time around”.
The Remote Desktop vulnerability (MS12-036) is a particular concern because it could be exploited for remote code execution.
“Microsoft has assigned this vulnerability an exploitability index of one, suggesting that it is possible to use it to get remote code execution reliably,” said Chester Wisniewski, a security analyst with Sophos, on the company blog.
The Internet Explorer patch (MS12-037) is also rated as highly exploitable and affects Internet Explorer versions 6 to 9.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” Microsoft said in a security bulletin. “An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user.”
The “important” fixes are for a remote code weakness in Lync and three elevation-of-privilege vulnerabilities: one in Microsoft Dynamics AX Enterprise Portal and two in the Windows kernel.
Source: PC Pro, http://www.pcpro.co.uk/news/security/375121/microsoft-patches-critical-ie-and-remote-desktop-flaws