Patch Tuesday Analysis for January 2012
Seven bulletins were released today, one of them rated critical.
The one bulletin that contains critical updates is MS12-004 affecting Windows Media. This addresses 2 vulnerabilities and Microsoft indicates exploit code is likely. Accelerated testing and deployment is recommended.
The information disclosure vulnerability addressed with MS12-006 is publicly disclosed. However, Microsoft indicates exploit code is unlikely. Most users expect HTTPS sessions to be securely encrypted.
For this month’s newsletter we had to add another exploit type to our list, “Security feature bypass”, for MS12-001. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability. As a workaround, Microsoft suggests recompiling the software with a newer version. This will be useful for admins that carefully control what software is allowed to be installed. SEHOP can also be enabled as a workaround.
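One way to check the SEHOP workaround on a machine before relying on it, as an added example that is not from this newsletter or from Microsoft's bulletin. The registry value name and its meaning are taken from Microsoft's SEHOP documentation, and the stated defaults are assumed to apply only to the Windows versions listed for this bulletin.

```powershell
# Added example: report (and optionally enable) system-wide SEHOP.
# Assumption: value name and semantics come from Microsoft's SEHOP
# documentation, not from this page. 0 = SEHOP on, 1 = SEHOP off.
# Written for Windows PowerShell 2.0+ (uses Get-WmiObject).
param([switch]$Enable)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$ValueName = 'DisableExceptionChainValidation'

function Get-SehopState {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    # SEHOP does not exist on XP / Server 2003 (NT 5.x).
    if ([version]$os.Version -lt [version]'6.0') { return 'NotSupported' }

    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the OS default applies. On Vista / Windows 7 that is
        # off; on Server 2008 / 2008 R2 it is on.
        # ProductType: 1 = workstation, 2 = domain controller, 3 = server.
        if ($os.ProductType -eq 1) { return 'DisabledByDefault' }
        return 'EnabledByDefault'
    }
    if ($item.$ValueName -eq 0) { return 'Enabled' }
    return 'Disabled'
}

$state = Get-SehopState
Write-Output ("{0}: SEHOP state = {1}" -f $env:COMPUTERNAME, $state)

if ($Enable -and (@('Disabled', 'DisabledByDefault') -contains $state)) {
    # Requires an elevated session. Some older applications are not
    # compatible with SEHOP, so test before a broad rollout.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value 0 -Force | Out-Null
    Write-Output 'SEHOP enabled system-wide; restart the machine to apply.'
}
elseif ($Enable -and $state -eq 'NotSupported') {
    Write-Warning 'SEHOP is not available on this OS; patch or recompile instead.'
}
```

Run without arguments to audit only; pass `-Enable` from an elevated prompt to set the value.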
MS12-002 relates to a vulnerability in Windows Object Packager that could allow arbitrary code execution. The workaround, which consists of issuing a warning to the user, is not 100% effective since the user would have to know what to do.
Only systems with the locale set to Chinese, Japanese or Korean are affected by an exploit of the vulnerability in MS12-003. However, all systems will be offered the patch to provide defense-in-depth.
The vulnerability described in MS12-005 allows attackers to embed ClickOnce application installers into Microsoft Office documents and execute code without user interaction. ClickOnce may be used by software vendors to update their software without user intervention.
MS12-007 indicates a vulnerability in the Anti-Cross Site Scripting Library. Developers using this technology should upgrade their libraries and then deploy to web sites using this technology.
An out-of-band bulletin affecting ASP.NET was released on 12/29/2011.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS12-005 (2584146) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Important | XP, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS12-002 (2603381) | Arbitrary code / Windows | Workstations | No/No | No | Important | XP, Server 2003 | | Patch after testing |
| MS12-007 (2607664) | Information disclosure / Anti-XSS | Web Servers | No/No | No | Important | AntiXSS Library | | Patch after testing |
| MS12-004 (2636391) | Arbitrary code / Windows Media Player | Workstations, Servers | No/No | Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Media Center TV Pack | Restart Req'd | Patch after minimal testing |
| MS12-006 (2643584) | Information disclosure / Windows | Workstations, Terminal Servers | Yes/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-001 (2644615) | Security feature bypass / Windows | Workstations, Servers | No/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-003 (2646524) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008 | Restart Req'd | Patch after testing |