Before the year ends, Microsoft releases seven bulletins, five of which are rated as critical. Overall, these bulletins address 11 vulnerabilities. The Critical bulletins resolve vulnerabilities found in Microsoft Windows, Word, Internet Explorer and Windows Server. The remaining two vulnerabilities are focused on issues in Microsoft Windows. If successfully exploited, those bulletins deemed critical may allow attackers to execute malicious code into vulnerable systems thus compromising its security
Two of the notable bulletins in this batch are MS12-078 and MS12-079. MS12-078 addresses vulnerabilities in Microsoft Windows that can be exploited through a specially crafted document or through a malicious website that has embedded TrueType or OpenType font files. On the other hand, MS12-079 can be exploited via a specially crafted .RTF file.
Just last week, Trend Micro released security updates to address several zero-day exploits existing in Oracle MySQL server. As of this writing, the said vulnerabilities remain unpatched.
Users are strongly advised to keep their systems updated, especially during the Holiday season as cybercriminals can potentially leverage these vulnerabilities to infect user systems with malware. Cybercriminals typically employ old vulnerabilities as part of their attack. Case in point, the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) addressed in MS10-087 was used in a targeted attack against NATO’s NSHQ.
Trend Micro Deep Security and Office Scan with Intrusion Defense Firewall (IDF) plugin protects users against possible threats leveraging these vulnerabilities. For more information on the bulletins and their IDF rules visit the Threat Encyclopedia page.