• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Microsoft Patches Critical Security Vulnerabilities In Windows, Office, IE, Exchange & SQL Server

August 17, 2012

Views: 1,311

Another huge raft of critical fixes has been pushed out by Microsoft across almost their entire range of products, including client and server side software and the Windows OS itself.

It’s been a while since I’ve seen such a huge variety of security issues in one update including 5 critical vulnerabilities.

If you are running a Microsoft oriented organization you better get your update testing rig on-line and get rolling ASAP.

Microsoft has fixed 26 vulnerabilities in its software products, including several considered critical, the company said on Tuesday in its monthly security patch report.

The security holes, described in five critical and four important bulletins, affect multiple products, including Windows, Internet Explorer, Exchange, SQL Server and Office. In the worst-case scenarios, exploits could give attackers control of affected systems.

The first critical bulletin, labeled MS12-060, involves Windows Common Controls vulnerabilities, which affect Office, SQL Server, other server products and developer tools.

There have been “limited, targeted attacks” to try to exploit this security hole, but no public proof-of-concept code has been made available to Microsoft’s knowledge, wrote Microsoft security official Yunsun Wee in a related blog post.

If a user visits a website that contains “specially crafted content” designed to exploit the vulnerability, attackers could execute code remotely on the affected machine. However, users would have to be tricked into visiting such a website. The malicious code can also be sent as an email attachment, but users would need to open the attachment for the attack to work.

Most of them don’t seem to be out in the wild as such, as in they don’t have confirmed publicly available exploits. There have been cases of targeting attacks using these exploits, so they would be very much considered 0-day attacks and are probably being traded or sold in the underground.

The Common Controls exploit would be mitigated against if you had trained your users well on the dangers of opening unknown attachments as it would come in the form of a malicious .rtf file – most likely via e-mail.

Affected products include all supported editions of Office 2003, Office 2007, Office 2010 (except x64-based editions), SQL Server 2000 Analysis Services, SQL Server 2000 (except Itanium-based editions), SQL Server 2005 (except Microsoft SQL Server 2005 Express Edition, but including Microsoft SQL Server 2005 Express Edition with Advanced Services), SQL Server 2008, SQL Server 2008 R2, Commerce Server 2002, Commerce Server 2007, Commerce Server 2009, Commerce Server 2009 R2, Microsoft Host Integration Server 2004 SP 1, Visual FoxPro 8.0, Visual FoxPro 9.0 and Visual Basic 6.0 Runtime.

Microsoft patched a Windows Common Control bug in April that “made everyone sit up and take notice” due to the broad scope of important products it touched, said Andrew Storms, director of security operations at enterprise security vendor nCircle.

“There is some good news this month: that the attack vector associated with the [Windows Common Control] patch is an RTF (rich text format) file, and the victim has to explicitly open the file to allow the exploit. If you can’t get this patch rolled out or mitigation applied quickly, you should remind users about the dangers of opening attachments from unknown persons,” he said via email.

The second critical bulletin, labeled MS12-052, concerns four issues with IE that aren’t known to be under “active attack.” If successfully exploited, a malicious hacker could execute code on the affected machine with the privileges of the current user. As with the previous hole, users would need to visit a malicious Web page to fall victim to the attack. This vulnerability is rated critical for IE 6, IE 7, IE 8 and IE 9 on Windows clients and moderate for those same IE versions on Windows servers.

The more serious vulnerability, which effects Internet Explorer – allow code execution. But from the research done, it seems like these are not being actively attacked.

It’s critical for all versions of IE, including the current version IE9.

Source: Network World

Share
Tweet
Share1
Buffer
WhatsApp
Email
1 Shares

Filed Under: Countermeasures, Exploits/Vulnerabilities, Windows Hacking Tagged With: black tuesday, IE, internet-explorer, microsoft, microsoft security, patch-tuesday, windows-security



Reader Interactions

Comments

  1. Lavon says

    September 26, 2012 at 10:25 pm

    whoah this blog is magnifiсent i rеally like rеading youг posts.
    Κeep up the great work! You alrеady know,
    lotѕ of persons are looκing гound
    for this information, you can help them greatly.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 323

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 617

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 568

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 605

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 459

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 687

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,298,011)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,104)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,640)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,691)
  • Password List Download Best Word List – Most Common Passwords (933,528)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,171)
  • Hack Tools/Exploits (673,300)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,184)

Search

Recent Posts

  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy