(LiveHacking.Com) – Microsoft has released fixes to address multiple vulnerabilities as part of its February’s Patch Tuesday. The fixes affect Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Windows Server Software. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
Twenty one vulnerabilities were addressed. Microsoft recommends that customers focus on the first two critical updates:
- MS12-010 (Internet Explorer): Cumulative Security Update for Internet Explorer. This bulletin addresses two Critical, one Important and one Moderate issues affecting all versions of Internet Explorer. The most severe of these could allow for remote code execution, if an attacker were to convince a user to visit a maliciously constructed Web page. All of these issues were cooperatively disclosed to Microsoft, and we know of no active exploitation in the wild. We recommend that customers read through the bulletin information concerning MS12-010 and apply it as soon as possible.
- MS12-013 (C Runtime Library): Vulnerabilities in C Run-Time Library Could Allow Remote Code Execution. This bulletin addresses an issue that could arise if a would-be attacker sent a malicious media file to a targeted user, or convinced the user to visit a Web page hosting such a file. The issue was cooperatively disclosed to Microsoft, and we know of no active exploitation in the wild. As with MS12-010, though, we recommend that customers read through the bulletin information and apply it as soon as possible.
The other critical bulletins include MS12-008, which addresses vulnerabilities that could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally, and MS12-016, which fixes issues affecting the .NET Framework and Microsoft Silverlight that can be exploited to allow an attacker to remotely execute code.