MSFN Forum: Microsoft to fix 28 security bugs in Tuesday patch

As part of its monthly security roundup, Microsoft will fix 28 bugs Tuesday in several of its programs, including Windows, Internet Explorer and Office.

The 28 flaws, wrapped into seven bulletins, also affect Microsoft's .NET Framework, Microsoft Dynamics AX and Microsoft Visual Basic. In its security advisory, Microsoft labeled three of the bulletins "critical," meaning an attacker could remotely execute malicious code on unpatched systems.

The four remaining bulletins are labeled "important" and could, if unpatched, grant an attacker elevated privileges to the affected programs.

The patches come hot on the heels of the shocking news that the sophisticated "Flame" malware, which was found targeting computers in the Middle East and Eastern Europe, used a forged Microsoft digital signature to pass itself off as a Windows update.

Microsoft issued an emergency update to all Windows computers and servers June 3 to revoke the stolen certificate. To prevent an attacker from exploiting Microsoft in the same way again, tomorrow's patch includes a change to Microsoft's Windows Update service. As the security firm Kaspersky Lab explained, the new Windows Update "will involve deploying a new certificate that will be the only one trusted by WU clients, and that certificate only will be used to protect WU files."

Also rocking the security world was last week's LinkedIn data breach, which saw 6.4 million members' passwords posted to the Web. That incident also saw the breach of about 1.5 million passwords from eHarmony members.

As Marcus Carey from the security firm Rapid7 said, "With all the recent security news, it's likely organizations need to roll up their sleeves this month anyway."

The Microsoft security updates can be downloaded from Microsoft's website.

View: Microsoft Security Bulletin Advance Notification for June 2012
Source:msnbc