News

Microsoft to fix Internet Explorer 9 in July 2012 Patch Tuesday

SearchSecurity.com Staff

Microsoft will issue nine bulletins, three rated “critical,” addressing 16 flaws across its product line as part of its July 2012 Patch Tuesday.  As part of the update, Microsoft could roll out a patch addressing the XML

    Requires Free Membership to View

Core Services zero-day flaw, which surfaced last month.  

In its advance notification issued today, the software giant said the “critical” bulletins affect Windows and Internet Explorer 9. In addition, it plans updates to repair coding errors in Office, SharePoint server and Visual Basic for Applications.

Active attacks targeting XML Core Services
The advance notification does not indicate whether XML Core Services would be affected by the July updates. Microsoft issued an advisory last month warning users of attacks targeting an XML Core Services zero-day flaw

Microsoft XML Core Services processes and converts XML to HTML for display.  Attacks can target the coding error through drive-by attacks or trick users through a phishing campaign. Once an attacker is successful they are granted the same user rights as the victim and can access systems while fully authenticated, Microsoft said.

The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007. The advisory includes a workaround that can be used until the investigation is complete and a permanent patch is released.

Since the advisory, security experts say attacks targeting the flaw have increased. Graham Cluley outlined an attack using the flaw targeting the website of a European aeronautical parts supplier.

The bulletins are scheduled to be released July 10.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: