June 2012 Microsoft Security Update Addresses 26 CVEs; Released Automatic Updater for Windows 7/Vista; Announces Update for RSA Keys Less than 1024 Bits

Microsoft released seven security bulletins today as part of the June 2012 security update, three rated Critical and four rated Important, addressing 26 unique CVEs in Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework.

In addition, Microsoft today released an automatic updater for untrusted certificates on Windows Vista and Windows 7, a mechanism that allows Windows to specifically flag certificates as untrusted.

"With this new feature, Windows will check daily for updated information about certificates that are no longer trustworthy. In the past, movement of certificates to the untrusted store required a manual update," explains MSRC.

"This new automatic update mechanism, which relies on a list of untrusted certificates known as a Disallowed Certificate Trust List (CTL), is detailed on the PKI blog. We encourage all customers to install this new feature immediately."

The company has also issued Security Advisory 2719615, which includes information on and mitigations for a recently disclosed remote code execution issue involving MSXML Core Services, a component of Windows and other products.

"Our investigation is still underway, but we have already developed an effective workaround that stops would-be attackers from taking advantage of the issue via Internet Explorer. We're pleased to offer it as an easy-to-deploy, no-reboot-required Fix it in Security Advisory 2719615 for anyone who, after reading about the issue, believes they might be at risk," the team posted.

Microsoft also said that in August, they will release a change to how Windows manages certificates that have RSA keys of less than 1024 bits in length. "Once this key length update is released, we will treat all of these certificates as invalid, even if they are currently valid and signed by a trusted certificate authority," MSRC adds.
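One way to find certificates that the planned key-length change would affect, as an added example that is not from Microsoft or the original article: the PowerShell below lists certificates in the local certificate stores whose RSA public key is shorter than 1024 bits. The function name `Get-WeakRsaCertificate` and its parameters are hypothetical.

```powershell
# Added example (not from the article): inventory certificates whose RSA
# public key is shorter than the 1024-bit threshold the article mentions.
# Get-WeakRsaCertificate and its parameter names are hypothetical.

function Get-WeakRsaCertificate {
    param(
        # Certificate provider roots to search; every store below them is scanned.
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        # Keys strictly shorter than this many bits are reported.
        [int]$MinimumBits = 1024
    )

    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        # -Recurse also returns store containers; keep only certificates.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object {
            # OID 1.2.840.113549.1.1.1 is rsaEncryption. Checking it first
            # avoids reading the key object of non-RSA (for example ECC) certificates.
            $_.PublicKey.Oid.Value -eq '1.2.840.113549.1.1.1' -and
            $_.PublicKey.Key.KeySize -lt $MinimumBits
        } |
        ForEach-Object {
            [pscustomobject]@{
                # PSParentPath looks like "...Certificate::LocalMachine\Root"
                Store      = ($_.PSParentPath -split '::')[-1]
                KeyBits    = $_.PublicKey.Key.KeySize
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                # Expiry is shown because the change applies even to
                # certificates that are still within their validity period.
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
            }
        }
}

# Report weakest keys first. A certificate can appear under several stores.
Get-WeakRsaCertificate |
    Sort-Object KeyBits, Store |
    Format-Table Store, KeyBits, NotAfter, Subject, Thumbprint -AutoSize
```

Run it in an elevated session to include stores that a standard user cannot read; certificates presented by remote servers or embedded in signed files are not covered by a local store scan.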

June 2012 Microsoft Patch Tuesday: Bulletin Deployment Priority Chart

June 2012 Microsoft Security Update: Severity and Exploitability Chart

MS12-037 (Internet Explorer) security update addresses 13 issues affecting all supported versions of IE. The maximum severity for these issues is Critical and could result in remote code execution.

MS12-036 (RDP) security update addresses one Critical issue affecting all supported versions of Microsoft Windows that could result in remote code execution. Attack vectors for this issue include maliciously crafted websites and email.

Here is an overview of this month's bulletins: