The Microsoft Security Bulletin Advance Notification for June 2012 lists seven bulletins, three of which are rated “critical” and four “important.” The three critical alerts all allow attackers to remotely execute code. With all the recent security news, it’s likely organizations need to roll up their sleeves this month anyway.
Bulletin 1 affects all modern Windows distributions, which means it will affect both business and consumers.
Bulletin 2 is also labeled as critical and affects Internet Explorer 7, 8, and 9. When it comes to remote code execution, browser exploits provide the most bang for buck.
Bulletin 3 is a critical vulnerability that affects Microsoft Windows and the .NET Framework. We’ve seen several vulnerabilities related to .NET recently. In the past, these types of vulnerabilities exploit systems if a user views a specially crafted webpage using a web browser.
Bulletin 4, which is labeled as important, will likely patch a vulnerability related to how Microsoft Office handles Visual Basic. A victim will likely be compromised if they are duped into opening malicious documents or files.
Bulletin 5 is related to Microsoft Dynamics AX 2012, which is a Microsoft enterprise resource planning software product. Bulletin 5 is labeled as important. The actual usage of this product is uncertain; however, it’s safe to assume this vulnerability will not affect a huge number of organizations or consumers. If successfully exploited, this bulletin would result in an escalation of privileges.
Bulletins 6 and 7 are rated important and affect Microsoft operating systems, which could result in an escalation of privileges if successfully compromised. These are the types of bugs which can be exploited at kiosks and other types of multi-user terminals. Bulletin 6 is applicable to all modern Windows operating systems, while Bulletin 7 affects several of the Windows operating systems but not all, which is a bit strange. Both Bulletins 6 and 7 will affect both business and consumers.
Author: Marcus Carey, security researcher at Rapid7.