On January 10, 2012, Microsoft released its scheduled patch update for January 2012. This January's update covers vulnerabilities in the Microsoft Windows operating system, its components, as well as vulnerabilities in Windows Media Player, Windows Object Packager, and the Microsoft Anti-Cross Site Scripting Library. Seven security bulletins have been released to address these issues.
Exploitation of the patched vulnerability in Windows Media Player (BID 51292, CVE-2012-0003) is occurring in the wild on malicious websites for remote code execution. Attacks are currently not widespread.
Customers are advised to install all applicable updates as soon as possible.
Microsoft Security Bulletin Summary for January 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan
Malware Leveraging MIDI Remote Code Execution Vulnerability Found
http://blog.trendmicro.com/malware-leveraging-midi-remote-code-execution-vulnerability-found/
More Information on MS12-004
http://blogs.technet.com/b/srd/archive/2012/01/10/more-information-on-ms12-004.aspx
Microsoft Security Bulletin MS12-004 - Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
http://technet.microsoft.com/en-us/security/bulletin/ms12-004
Advanced Exploitation of Internet Explorer Heap Overflow Vulnerabilities (MS12-004)
http://www.vupen.com/blog/20120117.Advanced_Exploitation_of_Windows_MS12-004_CVE-2012-0003.php
Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51292
Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
