Microsoft Slays The Beast
Paul Henry - January 10th, 2012
In the first Patch Tuesday of 2012, Microsoft has addressed 1 critical issue and 6 important issues. It’s interesting to note that despite all of the media hype over “The Beast”, attacks have simply never materialized and the issue has retained its “Important” classification from Microsoft. Overall, we saw a reduction in the number of critical issues from Microsoft in 2011. To that end, we can anticipate that Microsoft will bolster its defense-in-depth efforts and that the number of important issues, such as privilege escalation, will likely increase.
Looking at the details:
Critical – Corrects a Media Player issue with the possibility of remote code execution
Important – Corrects a Windows Kernel issue
Important – Corrects an Object Packager issue
Important – Corrects a CSRSS issue
Important – Corrects a .NET issue
Important – Slays the Beast by correcting the underlying related SSL/TLS issue
Important – Anti-XSS fix
This Patch Tuesday also saw the first use of a new security classification, Security Bypass Feature (SBF). This classification includes exploits that are not directly accessible themselves but could be used to facilitate an attack using another vulnerability (such as turning off UAC, DEP or ASLR before running another exploit). This first SBF patch enhances Microsoft’s SEHOP (Structured Exception Handler Overwrite Protection) to add further defense-in-depth.
For users with web-facing assets using .NET / ASP who have not already installed the out-of-band patch released over the December holidays – this is your top priority. Proof-of-concept code for the exploit is now circulating on the public Internet. Second on your priority list should be the Critical Media Player bulletin, followed by the remaining important bulletins released today.
Other Patch Tuesday considerations this period
Outside of Microsoft, Adobe has released updates for Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh to resolve critical security issues.
Google has pushed out a browser update to fix at least three serious security vulnerabilities in its Chrome browser.
We expect Oracle to do their regular quarterly patch release on January 17.
Versions 1.0.0f and 0.9.8s of the popular OpenSSL library, released this week, address six security flaws, including one that allows DTLS (Datagram Transport Layer Security) communications to be decrypted.
Millions of Wi-Fi routers are vulnerable to a new attack. Belkin, Buffalo, D-Link, Cisco’s Linksys and Netgear Wi-Fi routers have been found to be vulnerable to a brute-force attack which can crack the Wi-Fi router’s security in as little as two to ten hours.
Looking forward into 2012, all the stars are falling into alignment to make the growing popularity of QR codes a catalyst to dramatically increase drive-by hacking events. Read our blog post “QR Codes – Leading Lambs To The Slaughter”.
To research additional information around this month’s patches, visit the Lumension Endpoint Intelligence Center http://leic.lumension.com