English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Microsoft Updates November 2012 - IE, Kernel+Shell, and .NET Critical Patches

Kurt Baumgartner
Kaspersky Lab Expert
Posted November 13, 18:38  GMT
Tags: Microsoft
0.1
 

Microsoft is patching a fair number of vulnerabilities in their software with 19 flaws being fixed. All of them are being updated in six Bulletins this month (MS12-071 through MS12-076). Four of the Bulletins are rated critical with only two of them being rated urgent for immediate deployment by larger customers concerned with compatibility and performance. At the same time, Internet Explorer 10 is not vulnerable to exploitation by the related set of three flaws, and newly released Windows 8 is affected by yet another font parsing flaw described by CVE-2012-2897, similar to the vulnerability exploited by Duqu. The font malware is especially interesting because the Duqu exploit is currently being included in mass exploitation kits alongside widespread Java and Adobe Reader exploits to spread Ransomware, ZeroAccess, and other trojans of all sorts. Even though Duqu was spread years ago, the patch delivered months ago, the vulnerability continues to be included in the kits and successfully exploited.


Comments

If you would like to comment on this article you must first
login


Bookmark and Share
Share

Related Links

Analysis

Blog