Patch Tuesday Analysis for January 2012

Seven bulletins were released today, one of them rated critical.

The one bulletin that contains critical updates is MS12-004 affecting Windows Media. This addresses 2 vulnerabilities and Microsoft indicates exploit code is likely. Accelerated testing and deployment is recommended.

The information disclosure vulnerability addressed with MS12-006 is publicly disclosed. However, Microsoft indicates exploit code is unlikely. Most users expect HTTPS sessions to be securely encrypted.

For this month’s newsletter we had to add another exploit type to our list: “Security feature bypass”. It applies to MS12-001. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability. As a workaround, Microsoft suggests recompiling the software with a newer version. This will be useful for admins that carefully control what software is allowed to be installed. SEHOP can also be enabled as a workaround.
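An added example (not from the original newsletter or from Microsoft) for the SEHOP workaround mentioned above: a PowerShell script that reports the system-wide SEHOP state and, with the hypothetical `-Enable` switch, turns it on. The registry value and its meaning follow Microsoft KB956607; the function name `Get-SehopState` and the state strings are assumptions of this example.

```powershell
param([switch]$Enable)   # hypothetical switch: also turn SEHOP on

# System-wide SEHOP setting as documented in Microsoft KB956607.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$Name = 'DisableExceptionChainValidation'   # 0 = SEHOP on, 1 = SEHOP off

function Get-SehopState {
    # SEHOP first shipped in Vista SP1 / Server 2008 (6.0.6001);
    # XP, Server 2003 and Vista RTM do not have it.
    if ([Environment]::OSVersion.Version -lt [Version]'6.0.6001') {
        return 'Unsupported'
    }

    # An explicit registry value overrides the OS default.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        if ($prop.$Name -eq 0) { return 'Enabled' } else { return 'Disabled' }
    }

    # Value absent: the OS default applies. Per KB956607, SEHOP is on by
    # default on Server 2008 / 2008 R2 and off by default on Vista SP1 and
    # Windows 7. Later Windows releases are not covered by this check.
    $productType = (Get-WmiObject Win32_OperatingSystem).ProductType  # 1 = workstation
    if ($productType -eq 1) { return 'Disabled (client default)' }
    return 'Enabled (server default)'
}

$state = Get-SehopState
"{0}: SEHOP is {1}" -f $env:COMPUTERNAME, $state

if ($Enable -and $state -notlike 'Enabled*' -and $state -ne 'Unsupported') {
    # Needs an elevated session; the setting is read at boot.
    Set-ItemProperty -Path $Key -Name $Name -Value 0 -Type DWord
    "SEHOP enabled in the registry; restart the system for it to take effect."
}
```

Run it without arguments to audit a machine. Test application compatibility on a pilot group before using `-Enable` broadly, since older software can fail under SEHOP.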

MS12-002 relates to a vulnerability in Windows Object Packager that could allow arbitrary code execution. The workaround, which consists of issuing a warning to the user, is not 100% effective since the user would have to know what to do.

Only systems with the locale set to Chinese, Japanese or Korean are affected by an exploit of the vulnerability in MS12-003. However, all systems will be offered the patch to provide defense-in-depth.

The vulnerability described in MS12-005 allows attackers to embed ClickOnce application installers into Microsoft Office documents and execute code without user interaction. ClickOnce may be used by software vendors to update their software without user intervention.

MS12-007 describes a vulnerability in the Anti-Cross Site Scripting Library. Developers using this technology should upgrade their libraries and then deploy to web sites using this technology.

An out-of-band bulletin affecting ASP.NET was released on 12/29/2011.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS12-005 (2584146) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Important | XP, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS12-002 (2603381) | Arbitrary code / Windows | Workstations | No/No | No | Important | XP, Server 2003 | | Patch after testing |
| MS12-007 (2607664) | Information disclosure / Anti-XSS | Web Servers | No/No | No | Important | AntiXSS Library | | Patch after testing |
| MS12-004 (2636391) | Arbitrary code / Windows Media Player | Workstations, Servers | No/No | Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Media Center TV Pack | Restart Req'd | Patch after minimal testing |
| MS12-006 (2643584) | Information disclosure / Windows | Workstations, Terminal Servers | Yes/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-001 (2644615) | Security feature bypass / Windows | Workstations, Servers | No/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-003 (2646524) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008 | Restart Req'd | Patch after testing |
