9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
99.9%
Microsoft to patch three critical vulnerabilities on Tuesday
When Patch Tuesday rolls around next week, Three critical vulnerabilities , as well as six Important issues will be addressed by Microsoft. Only three of the nine security bulletins are ranked Critical, while the remaining six are rated as Important.
Although all three of of the Critical vulnerabilities center on Windows, one of them also includes Internet Explorer 9. Interestingly, the flaw does not extend to previous versions of the browser, so it appears itβs something new.
The two other critical bulletins could allow malicious users to remotely execute code on Windows operating systems, including all supported server and client versions. βMany are expecting a patch for CVE-2012-1889: a vulnerability in Microsoft XML Core Services, which is currently being exploited in the wild,β says Marcus Carey, a security researcher with Rapid7.
Get the full details when the security bulletins are officially released next Tuesday. Happy patching next week!