Software

Microsoft Updates November 2012 – IE, Kernel+Shell, and .NET Critical Patches

Microsoft is patching a fair number of vulnerabilities in their software with 19 flaws being fixed. All of them are being updated in six Bulletins this month (MS12-071 through MS12-076). Four of the Bulletins are rated critical with only two of them being rated urgent for immediate deployment by larger customers concerned with compatibility and performance. At the same time, Internet Explorer 10 is not vulnerable to exploitation by the related set of three flaws, and newly released Windows 8 is affected by yet another font parsing flaw described by CVE-2012-2897, similar to the vulnerability exploited by Duqu. The font malware is especially interesting because the Duqu exploit is currently being included in mass exploitation kits alongside widespread Java and Adobe Reader exploits to spread Ransomware, ZeroAccess, and other trojans of all sorts. Even though Duqu was spread years ago, the patch delivered months ago, the vulnerability continues to be included in the kits and successfully exploited

Microsoft Updates November 2012 – IE, Kernel+Shell, and .NET Critical Patches

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Subscribe to our weekly e-mails

The hottest research right in your inbox