Microsoft Patches Critical Windows Zero-day Bug That Hackers Are Now Exploiting

Microsoft today delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting.

"The most prominent vulnerabilities are in Internet Explorer, with 4 of the 5 patches marked as critical," John Harrison, group product manager for Symantec Security Response told us after the announcement. "Because the vulnerabilities could allow remote code execution, we recommend users patch as soon as possible."

"We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of [the] CVE-2012-0158 vulnerability using specially-crafted Office documents," said Elia Florio, an engineer with the Microsoft Security Response Center, in the SRD blog post.

This weighting was backed up by security firm Qualys, where CTO Wolfgang Kandek said that it affects an "unusually wide-range" of Microsoft products. These include Microsoft Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, Biztalk Server 2002, Commerce Server 2002 through 2009 R2, Visual Foxpro 8 and Visual Basic 6 Runtime.

Read more -here-

• Comcast unveils streaming bundle that includes Apple TV+, Peacock and Netflix
• John Deere says solar storm compromised GPS tracking on tractors
• Dell confirms database hacked - hacker says 49 million customers hit
• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package
• OpenAI is reportedly working on a search feature for ChatGPT