Hello, welcome to this month’s blog on the Microsoft patch release. This is a smaller month—the vendor is releasing seven bulletins covering a total of eight vulnerabilities.
Only one of this month's issues is rated 'Critical' and it affects Windows Media. The remaining issues affect Windows, the kernel, and Microsoft’s Anti-Cross Site Scripting library.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan
The following is a breakdown of the issues being addressed this month:
- MS12-004 Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
CVE-2012-0003 (BID 51292) Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Code Execution Vulnerability (MS Rating: Critical; Symantec Urgency Rating 7.1/10)
A remote code execution vulnerability affects Media Player when handling a specially crafted MIDI file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2012-0004 (BID 51295) Microsoft DirectX DirectShow Filters Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)
A remote code execution vulnerability affects Windows when handling specially crafted media files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
- MS12-005 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
CVE-2012-0013 (BID 51284) Microsoft Windows ClickOnce Application Installer Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)
A remote code execution vulnerability affects Windows in the way Windows Packager loads ClickOnce applications. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Office file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
- MS12-002 Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
CVE-2012-0009 (BID 51297) Microsoft Windows Object Packager Remote Code Execution Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)
- MS12-007 Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
CVE-2012-0007 (BID 51291) Microsoft AntiXSS Library Sanitization Module Security Bypass Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.1/10)
A cross-site scripting vulnerability affects the Microsoft anti cross-site scripting (AntiXSS) library when handling certain HTML. An attacker can exploit this issue to disclose potentially sensitive information, such as cookie-based authentication credentials. Information obtained may aid in further attacks.
- MS12-006 Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
CVE-2011-3389 (BID 49778) SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.6/10)
A previously public (Sept 19, 2011) information disclosure vulnerability affects the SSL and TLS protocols. A man-in-the-middle attacker may be able to guess the ciphertext used in encrypted traffic, allowing them to decrypt HTTPS traffic to a targeted victim.
- MS12-001 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
CVE-2012-0001 (BID 51296) Microsoft Windows Kernel CVE-2012-0001 SafeSEH Security Bypass Vulnerability (MS Rating: Important; Symantec Urgency Rating 7.5/10)
A security-bypass vulnerability affects Windows due to how the kernel loads the structured exception handling tables. A local attacker may be able to exploit this issue to bypass the SafeSEH security feature of an application; this may aid in further attacks.
- MS12-003 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
CVE-2012-0005 (BID 51270) Microsoft Windows CSRSS CVE-2012-0005 Local Privilege Escalation Vulnerability (MS Rating: Important; Symantec Urgency Rating 6.6/10)
A local privilege-escalation vulnerability affects the Windows Client/Server Run-time Subsystem (CSRSS) due to the way it processes a sequence of specially crafted Unicode characters. A local attacker can exploit this issue to gain elevated privileges; this may facilitate a complete system compromise.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal, and to our customers through the DeepSight Threat Management System.