It’s the second Tuesday of April, 2012 and as usual Microsoft has released the security updates for its various products. The most important news in April is that the support for Windows XP will end on April 8, 2014. The extended support for Windows Vista has already ended. It means that Windows XP users will not get any security updates when the support from Microsoft ends. So they will be vulnerable to hackers and exploiters. It is always advisable to upgrade your Operating System to the latest one, Windows 7, in order to stay safe.
Microsoft has released a total of 6 security bulletins for this month. Four of the security updates have been termed as critical while two are important updates. Let’s first go through the critical updates:
MS12-023 – Cumulative Security Update for Internet Explorer (KB2675157)
This security update is for all the users of Internet Explorer 6, Internet Explorer 7, Internet Explorer 8 and Internet Explorer 9. This update resolves five critical vulnerabilities in Internet Explorer and are mandatory for every Internet Explorer user to install otherwise Internet Explorer will allow the exploiter to have the same privileges as the current user.
MS12-024 – Vulnerability in Windows Could Allow Remote Code Execution (2653956)
This update fixes the vulnerability of portable executable being run on the system in a specific environment. This vulnerability affects all Windows Operating Systems including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows Server OS.
MS12-025 – Vulnerability in .NET Framework Could Allow Remote Code Execution (KB2671605)
This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). .NET Framework 1, .NET Framework 2 and .NET Framework 4 are affected by this vulnerability.
MS12-027 – Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
This security update resolves vulnerability in Windows Common Controls which could allow remote code execution if a user visits a site containing the exploit for this vulnerability. A lot of Microsoft products are affected by this vulnerability including Visual FoxPro, Visual Basic, Commerce Server, BizTalk Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, Office 2003 and Office 2010.
These were the four critical security updates. Now lets talk about the important security updates.
MS12-026 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
This security update is related to Microsoft Forefront Unified Access Gateway 2010 and resolves two vulnerabilities. The security update addresses the vulnerabilities by modifying UAG code to require further verification before redirecting a user to another website, and by modifying the UAG server’s default binding settings to not allow unfiltered access to internal resources.
MS12-028 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
This update affects Microsoft Office 2007 Service Pack 2 and Microsoft Works 9. The security update addresses the vulnerability by deprecating the vulnerable Microsoft Works converter. Customers should use the latest version of the Microsoft Works converter, which is not affected by the vulnerability.
The people who have automatic updates enabled will get these updates automatically. But if you don’t have automatic updates enabled and want to install the updates manually, you can download the updates from the location given below:
Download Windows-KB913086-201204.iso [3.1 GB]