By Susan Bradley
We start 2012 with the usual suspects: media-player patching, Windows Kernel, and MS Office.
Most of the patches this round aren't rated critical, but the most notable is a long-awaited fix for the SSL/TLS weakness exploited by the BEAST attack.
MS12-004 (2631813 and 2636391)
Media vulnerabilities kick off 2012 patches
Our lone critical update from Microsoft this Patch Tuesday fixes flaws in the Windows Multimedia Library and in DirectShow, and it applies to several media-file formats. One flaw is triggered by a malformed MIDI file opened in Windows Media Player; the other by media that carries maliciously crafted closed captions. Working exploits are expected to appear in the wild soon.
The patch applies to all supported versions of Windows, but Windows 7 systems are at less risk, as noted in a Microsoft Security Research & Defense blog post. Also, Windows Media Player 12 has closed captioning turned off by default, which blunts the caption-based attack. The DirectShow portion of the update is rated important.
► What to do: See MS12-004 for more information and links to patches. With Windows XP, you’ll get both KB 2631813 and KB 2636391; with Win7, you’ll get just KB 2636391.
Another Kernel patch to fix a security feature
In an unusual twist, Windows XP SP3 systems aren't affected and won't be offered this patch; for everyone else, it's rated important.
This relatively obscure vulnerability affects only applications built with the now-outdated Visual C++ .NET 2003 that use a protection called SafeSEH, in which the linker records the module's legitimate exception handlers so that Windows can refuse to run any other address as a handler. For such binaries, Windows doesn't enforce that check correctly, so an attacker who already has a memory-corruption bug in the application (typically a stack overflow that overwrites an exception registration record) can steer execution to an address of their choosing and then use other exploits to compromise the system. On its own the SafeSEH bypass does nothing; it's a fix to a security feature, not to a directly exploitable hole. You can find more information than you probably want to know about this issue on the Accuvant blog, “Old meets new: Microsoft Windows SafeSEH incompatibility,” and in a Microsoft Security Research & Defense blog post.
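If you want to know which of your own 32-bit binaries even carry a SafeSEH table, and which were produced by the Visual C++ .NET 2003 linker, the following Python script reads the PE fields the Windows exception dispatcher relies on: the load-config directory's SEHandlerTable and SEHandlerCount, the NO_SEH bit in DllCharacteristics, and the linker version. This is an added example written for this column, not code from Microsoft or from the blogs linked above. The PE image it inspects is constructed in memory as a test fixture rather than a real binary, and two rules are the script's own assumptions: that linker version 7.10 identifies Visual C++ .NET 2003 output, and that a load-config structure shorter than 0x48 bytes (the size through SEHandlerCount) cannot carry a handler table. To check a real module, pass `open(path, "rb").read()` to `inspect_safeseh()`.

```python
"""Inspect a PE32 image for SafeSEH metadata (added example, not from the article)."""
import struct

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400
LOAD_CONFIG32_SIZE_WITH_SEH = 0x48   # IMAGE_LOAD_CONFIG_DIRECTORY32 through SEHandlerCount
VC2003_LINKER = (7, 10)              # assumption: VC++ .NET 2003 emits linker version 7.10


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    for vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def inspect_safeseh(image):
    """Return linker version, NO_SEH flag, load-config size and registered SEH handlers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = pe + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", image, fh + 2)[0]
    opt_size = struct.unpack_from("<H", image, fh + 16)[0]
    opt = fh + 20                                 # IMAGE_OPTIONAL_HEADER32
    magic, major, minor = struct.unpack_from("<HBB", image, opt)
    if magic != 0x10B:
        raise ValueError("SafeSEH tables exist only in PE32 (32-bit) images")
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", image, opt + 92)[0]
    sections = [struct.unpack_from("<IIII", image, opt + opt_size + 40 * i + 8)
                for i in range(num_sections)]
    info = {"linker": "%d.%02d" % (major, minor), "vc2003_linker": (major, minor) == VC2003_LINKER,
            "no_seh_flag": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NO_SEH),
            "load_config_size": None, "handlers": [], "safeseh": False}
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
        return info
    lc_rva, _ = struct.unpack_from("<II", image, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG)
    if lc_rva == 0:
        return info                               # no load-config directory at all
    lc = rva_to_offset(lc_rva, sections)
    info["load_config_size"] = struct.unpack_from("<I", image, lc)[0]   # structure's own Size field
    if info["load_config_size"] < LOAD_CONFIG32_SIZE_WITH_SEH:
        return info                               # too short to hold SEHandlerTable/SEHandlerCount
    table_va, count = struct.unpack_from("<II", image, lc + 64)
    if table_va == 0 or count == 0:
        return info
    table = rva_to_offset(table_va - image_base, sections)   # SEHandlerTable is a VA, entries are RVAs
    info["handlers"] = sorted(struct.unpack_from("<%dI" % count, image, table))
    info["safeseh"] = True
    return info


def verdict(info):
    """One-line reading of inspect_safeseh() output (this script's own heuristic)."""
    if info["no_seh_flag"]:
        return "NO_SEH set: the image declares it uses no SEH handlers"
    if not info["safeseh"]:
        return "no SafeSEH table: any handler address inside this module is accepted"
    if info["vc2003_linker"]:
        return "SafeSEH table present but linked by VC++ .NET 2003 (7.10): the case this patch addresses"
    return "SafeSEH table present (%d registered handlers)" % len(info["handlers"])


def build_sample_image(linker=VC2003_LINKER, handlers=(0x1010, 0x1040), dll_chars=0, with_load_config=True):
    """Constructed minimal PE32 image (not a real binary): one .rdata section at RVA 0x1000
    holding an IMAGE_LOAD_CONFIG_DIRECTORY32 at its start and the SafeSEH table at +0x100."""
    image_base, sec_rva, sec_raw, sec_size = 0x00400000, 0x1000, 0x200, 0x200
    table_rva = sec_rva + 0x100
    load_config = (struct.pack("<IIHH", LOAD_CONFIG32_SIZE_WITH_SEH, 0, 0, 0) + bytes(52)
                   + struct.pack("<II", image_base + table_rva, len(handlers)))
    section = bytearray(sec_size)
    section[:len(load_config)] = load_config
    section[0x100:0x100 + 4 * len(handlers)] = struct.pack("<%dI" % len(handlers), *handlers)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                    # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)        # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, linker[0], linker[1])              # PE32 magic, linker
    struct.pack_into("<III", opt, 28, image_base, 0x1000, 0x200)               # base, alignments
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                            # SizeOfImage/Headers
    struct.pack_into("<HH", opt, 68, 3, dll_chars)                             # subsystem, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                                        # NumberOfRvaAndSizes
    if with_load_config:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, sec_rva, len(load_config))
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".rdata", sec_size, sec_rva, sec_size, sec_raw, 0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdr
    return headers.ljust(sec_raw, b"\0") + bytes(section)


if __name__ == "__main__":
    cases = {"VC++ 2003 build with SafeSEH": build_sample_image(),
             "newer build, no load config": build_sample_image(linker=(10, 0), with_load_config=False),
             "image flagged NO_SEH": build_sample_image(dll_chars=IMAGE_DLLCHARACTERISTICS_NO_SEH)}
    for name, img in cases.items():
        info = inspect_safeseh(img)
        print("%-30s linker %-6s -> %s" % (name, info["linker"], verdict(info)))
```

The same fields are what `dumpbin /loadconfig` and `dumpbin /headers` print on a machine with the Visual Studio tools installed; the script just makes the check scriptable across a directory of DLLs, and the `verdict()` strings are its own reading of the data, not Microsoft's wording.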