CloseClose

The ThreatCon is currently at Level 1: Normal.

On January 10, 2012, Microsoft released its scheduled patch update for January 2012. This January's update covers vulnerabilities in the Microsoft Windows operating system, its components, as well as vulnerabilities in Windows Media Player, Windows Object Packager, and the Microsoft Anti-Cross Site Scripting Library. Seven security bulletins have been released to address these issues.

Exploitation of the patched vulnerability in Windows Media Player (BID 51292, CVE-2012-0003) is occurring in the wild on malicious websites for remote code execution. Attacks are currently not widespread.

Customers are advised to install all applicable updates as soon as possible.

Microsoft Security Bulletin Summary for January 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

Malware Leveraging MIDI Remote Code Execution Vulnerability Found
http://blog.trendmicro.com/malware-leveraging-midi-remote-code-execution-vulnerability-found/

More Information on MS12-004
http://blogs.technet.com/b/srd/archive/2012/01/10/more-information-on-ms12-004.aspx

Microsoft Security Bulletin MS12-004 - Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
http://technet.microsoft.com/en-us/security/bulletin/ms12-004

Advanced Exploitation of Internet Explorer Heap Overflow Vulnerabilities (MS12-004)
http://www.vupen.com/blog/20120117.Advanced_Exploitation_of_Windows_MS12-004_CVE-2012-0003.php

Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51292

Threatcon Level 1
ThreatCon Level 1
Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
Threatcon Level 1
ThreatCon Level 2
Medium : Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.
Threatcon Level 1
ThreatCon Level 3
High : Known threat
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.
Threatcon Level 1
ThreatCon Level 4
Extreme : Full alert
This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure.
©1995 - 2012 Symantec Corporation
About|
Site Map|
Legal