Microsoft Patch Tuesday: Patch for Critical Zero-Day Vulnerability Released

It’s Patch Tuesday and Microsoft has released security updates to patch 11 vulnerabilities in Windows, Internet Explorer, Office and several other products. The most interesting patch is MS12-027, because it fixes a zero-day vulnerability: hackers are already exploiting it, and you could be next. Microsoft’s Elia Florio, an engineer with the Microsoft Security Response Center, discussed this vulnerability in an SRD blog post: “We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of [the] CVE-2012-0158 vulnerability using specially-crafted Office documents.”

The patched vulnerability is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010. Microsoft also said that the following products need the patch: SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic. There’s a lot more info on this vulnerability and the others over at PC World. In short, running Microsoft Update as soon as possible to patch this bug and the other 10 is highly recommended.

Severity Rating: Critical
Revision Note: V1.0 (April 10, 2012): Bulletin published.
Summary: This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.
