As usual, Microsoft meets today with its traditional “Patch Tuesday.” The software company harnesses the second Tuesday of each month to launch block security updates for its main products. This time, Microsoft released seven different security bulletins, only two of them critical nature and the rest of them of important nature. Some of the affected platforms including Windows and Office, but above all, the absence of a patch for the vulnerability found last week at the old versions of Internet Explorer and has already been successfully exploited. Just follow all the details on these updates below.
As we said at the beginning, the company has launched this January for seven security bulletins. At this hour still not disclosed all the details on the operation of the holes, even if you know the affected software and dangers that can result from the vulnerabilities addressed. The first of the critical nature bulletins affects versions of Windows 7 and Windows Server 2008 R2, while remaining out of harm other new platforms like the Windows 8. A successful exploitation of this hole would allow the cyber criminal to execute code remotely.
The second critical bulletin affects both the platform Windows as a tool of the company office Office. In the first case addresses included all versions of Windows in security updates, which differs only in that the level of danger in Windows XP, Windows Vista, Windows 7, Windows RT and Windows 8 is critical, while in For server versions for Windows Server 2003, Windows Server 2007, Windows Server 2008 R2 and Windows Server 2012 the danger level is moderate. In the case of office automation platform Office affected versions are Microsoft Office 2003 and Microsoft Office 2007. It also falls within this bulletin HTML editor Microsoft Expression Web 2. A successful exploitation of these holes allow the cyber criminal to gain control of the computer through code execution remotely.
The third bulletin to its danger important level, and affects the solution Microsoft System Center Operations Manager 2007. The attacker could elevate privileges at the same level of the user. The fourth important nature bulletin addresses a vulnerability that can also elevate privileges cyber criminal if successful exploitation, and affects all versions of Windows listed in any Microsoft security updates.
The fifth security bulletin released by the company focuses on a hole found in versions Windows Vista, Windows 7, Windows 8 and Windows RT and versions of this server system to Windows Server 2007, Windows Server 2008 R2 and Windows Server 2012. Again, Successful exploitation allows the criminal to elevate their privileges at the same level of the user. The sixth newsletter, also of important nature, affecting the same versions of Windows than the previous bulletin, but in this case the danger is in the ability to override the computer’s security.
Finally, the seventh of this month’s newsletter focuses on all versions of Windows contained, and corrected the vulnerability could allow cyber criminal perform denial of service or DDOS attacks.