Microsoft Slays The Beast

- January 10th, 2012

 

In the first Patch Tuesday of 2012, Microsoft has addressed 1 critical issue and 6 important issues. It’s interesting to note that despite all of the media hype over “The Beast”, attacks have simply never materialized and the issue has retained its “Important” classification from Microsoft. Overall, we saw a reduction in the number of critical issues from Microsoft in 2011. To that end, we can anticipate that Microsoft will bolster defense-in-depth efforts and that the number of important issues, such as privilege escalation, will likely increase.

Looking at the details:

MS12-004
Critical – Corrects a Media Player issue that could allow remote code execution

MS12-001
Important – Corrects a Windows Kernel issue

MS12-002
Important – Corrects an Object Packager issue

MS12-003
Important – Corrects a CSRSS issue

MS12-005
Important – Corrects a .NET issue

MS12-006
Important – Slays the Beast by correcting the underlying related SSL/TLS issue

MS12-007
Important – Anti-XSS fix

This Patch Tuesday also saw the first use of a new security classification, Security Bypass Feature (SBF). This classification covers issues that cannot be exploited directly themselves but could be used to facilitate an attack using another vulnerability (such as turning off UAC, DEP or ASLR before running another exploit). This first SBF patch enhances Microsoft’s SEHOP (Structured Exception Handler Overwrite Protection) to provide additional defense-in-depth.

Priorities

For users with web-facing assets using .NET / ASP who have not already installed the out-of-band patch released over the December holidays, this is your largest priority. Proof-of-concept code for the exploit is now circulating on the public Internet. Second on your priority list should be the Critical Media Player bulletin, followed by the remaining important bulletins released today.

Other Patch Tuesday considerations this period

Adobe:
Outside of Microsoft, Adobe has released updates for Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh to resolve critical security issues.

Google Chrome:
Google has pushed out a browser update to fix at least three serious security vulnerabilities in its Chrome browser.

Oracle:
We expect Oracle to do their regular quarterly patch release on January 17.

OpenSSL:
Versions 1.0.0f and 0.9.8s of the popular OpenSSL library, released this week, address six security flaws, including one that allows DTLS (Datagram Transport Layer Security) communications to be decrypted.

WiFi Issue:
Millions of WiFi routers are vulnerable to a new attack. Belkin, Buffalo, D-Link, Cisco’s Linksys and Netgear WiFi routers have been found to be vulnerable to a brute-force attack which can crack the Wi-Fi router’s security in as little as two to ten hours.

QR Codes:
Looking forward into 2012, all the stars are falling into alignment to make the growing popularity of QR codes a catalyst to dramatically increase drive-by hacking events. Read our blog post “QR Codes – Leading Lambs To The Slaughter”.

To research additional information around this month’s patches, visit the Lumension Endpoint Intelligence Center http://leic.lumension.com


About the Author

is one of the world’s foremost global information security and computer forensic experts in the industry. With more than 20 years of experience, Henry is a seasoned speaker, author and contributor for some of the leading security events and publications.

Follow Paul on Twitter @phenrycissp




