Microsoft on Tuesday warned by saying that cyber-criminals are in urge to take complete control of vulnerable machines by aiming exploits at critical security flaws in both Internet Explorer and Windows. The company asking users to pay special attention to MS12-037 and MS12-036, which provides cover for “remote code execution” vulnerabilities. The warning comes as part of this month’s Patch Tuesday in which the software giant released 7 bulletins with fixes for at least 26 documented vulnerabilities which are affecting the Windows ecosystem.
From Bulletin MS12-037:
This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
From Bulletin MS12-036:
This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.