Microsoft recently released two important updates for Windows 7: Security update KB4012212 and Monthly Rollup KBKB4012215. Both patch a series of severe vulnerabilities that could allow attackers to remotely run malicious code using specially crafted applications and URLs.
To install the latest Windows 7 security fixes and improvements, users can either download and install the security update KB4012212 or the Monthly Rollup KBKB4012215. The difference is that if you choose to install the Monthly Rollup, you’ll also install improvements and fixes from previous monthly rollups.
Windows 7 KB4012212 fixed vulnerabilities:
- MS17-022 Microsoft XML Core Services: This vulnerability could allow information disclosure if a user visits a malicious website.
- MS17-021 DirectShow: This vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content hosted on a malicious website.
- MS17-020 information disclosure vulnerability in Windows DVD MakerWindows DVD Maker.
- MS17-019 information disclosure vulnerability in Active Directory Federation Services.
- MS17-018 Windows Kernel-Mode Drivers: This vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. In other words, the attacker could take control of the affected system.
- MS17-017 elevation of privilege vulnerability in Windows Kernel.
- MS17-016 Internet Information Services: This vulnerability could allow elevation of privilege if users clicks a specially crafted URL hosted by an affected Microsoft IIS server. The attacker could potentially execute scripts in the user’s browser to obtain information from web sessions.
- MS17-013 Microsoft Graphics Component vulnerability affecting Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight that could allow remote code execution.
- MS17-012 Microsoft Windows remote code execution vulnerability.
- MS17-011 remote code execution vulnerability in Microsoft Uniscribe.
- MS17-010 remote code execution vulnerability in Windows SMB Server.
- MS17-008 Windows Hyper-V vulnerability that causes the Hyper-V host operating system to execute arbitrary code.
How to install KB4012212 and KBKB4012215
RELATED STORIES YOU NEED TO CHECK OUT:
- Windows 7, 8.1 updates KB2952664 and KB2976978 are back
- Microsoft wants Windows 7 users to migrate to Windows 10 for security reasons
- Windows 10 overtakes Windows 7 in the US and UK