Video Screencast Help

Microsoft Patch Tuesday - January 2012

Created: 10 Jan 2012 22:11:27 GMT • Updated: 23 Jan 2014 18:17:54 GMT • Translations available: 日本語
Robert Keith's picture
0 0 Votes
Login to vote

Hello, welcome to this month’s blog on the Microsoft patch release. This is a smaller month—the vendor is releasing seven bulletins covering a total of eight vulnerabilities.

Only one of this month's issues is rated 'Critical' and it affects Windows Media. The remaining issues affect Windows, the kernel, and Microsoft’s Anti-Cross Site Scripting library.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

The following is a breakdown of the issues being addressed this month:

  1. MS12-004 Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

    CVE-2012-0003 (BID 51292) Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating 7.1/10)

    A remote code execution vulnerability affects Media Player when handling a specially crafted MIDI file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker supplied code in the context of the currently logged-in user.

    CVE-2012-0004 (BID 51295) Microsoft DirectX DirectShow Filters Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)

    A remote code execution vulnerability affects Windows when handling a specially crafted media files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker supplied code in the context of the currently logged-in user.

  2. MS12-005 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)

    CVE-2012-0013 (BID 51284) Microsoft Windows ClickOnce Application Installer Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)

    A remote code execution vulnerability affects Windows in the way Windows Packager loads ClickOnce applications. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Office file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  3. MS12-002 Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)

    CVE-2012-0009 (BID 51297) Microsoft Windows Object Packager Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)

  4. MS12-007 Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

    CVE-2012-0007 (BID 51291) Microsoft AntiXSS Library Sanitization Module Security Bypass Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)

    A cross-site scripting vulnerability affects the Microsoft anti cross-site scripting (AntiXSS) library when handling certain HTML. An attacker can exploit this issue to disclose potentially sensitive information, such as cookie-based authentication credentials. Information obtained may aid in further attacks.

  5. MS12-006 Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

    CVE-2011-3389 (BID 49778) SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.6/10)

    A previously public (Sept 19, 2011) information disclosure vulnerability affects the SSL and TLS protocols. A man-in-the-middle attacker may be able to guess the ciphertext used in encrypted traffic, allowing them to decrypt HTTPS traffic to a targeted victim.

  6. MS12-001 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

    CVE-2012-0001 (BID 51296) Microsoft Windows Kernel CVE-2012-0001 SafeSEH Security Bypass Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.5/10)

    A security-bypass vulnerability affects Windows due to how the kernel loads the structured exception handling tables. A local attacker may be able to exploit this issue to bypass the SafeSEH security feature of an application; this may aid in further attacks.

  7. MS12-003 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)

    CVE-2012-0005 (BID 51270) Microsoft Windows CSRSS CVE-2012-0005 Local Privilege Escalation Vulnerability (MS Rating: Important; Symantec Urgency Rating 6.6/10)

    A local privilege-escalation vulnerability affects the Windows Client/Server Run-time Subsystem (CSRSS) due to the way it processes a sequence of specially crafted Unicode characters. A local attacker can exploit this issue to gain elevated privileges; this may facilitate a complete system compromise.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal, and to our customers through the DeepSight Threat Management System.