Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Patch Tuesday Closes Critical Windows, Internet Explorer Security Holes

Microsoft patched more than two dozen security vulnerabilities across several of its products and rolled out a new update feature in response to the Flame attacks in a busy Patch Tuesday.

This month’s security update featured seven bulletins, including three that are rated ‘Critical’ and touch issues related to Internet Explorer, the .NET Framework and the Remote Desktop Protocol (RDP). The other four bulletins are rated ‘important.’

Microsoft patched more than two dozen security vulnerabilities across several of its products and rolled out a new update feature in response to the Flame attacks in a busy Patch Tuesday.

This month’s security update featured seven bulletins, including three that are rated ‘Critical’ and touch issues related to Internet Explorer, the .NET Framework and the Remote Desktop Protocol (RDP). The other four bulletins are rated ‘important.’

In addition to the bulletins however, Microsoft also released an automatic updater feature for Windows Vista and Windows 7 untrusted certificates. Last week, security researchers discovered fraudulent certificates were used in the Flame attacks to abuse the Windows update mechanism.

“This new automatic updater feature provides a mechanism that allows Windows to specifically flag certificates as untrusted,” Angela Gunn of Microsoft’s Trustworthy Computing Group explained in a blog post. “With this new feature, Windows will check daily for updated information about certificates that are no longer trustworthy. In the past, movement of certificates to the untrusted store required a manual update. This new automatic update mechanism, which relies on a list of untrusted certificates known as a Disallowed Certificate Trust List (CTL), is detailed on the PKI blog.”

Among the bulletins, MS-12-037, which contains 13 security fixes for Internet Explorer, is being regarded by some security researchers as one of the most important to deploy immediately. One of the vulnerabilities it fixes, CVE-2012-1875, is already being used in limited attacks in the wild. The bulletin also fixes CVE-2012-1876, which was used by VUPEN Security during the PWN2OWN contest held early this year at CanSecWest.

“We’re getting our usual, every other month update to Internet Explorer, and as usual it’s the one to patch first,” said Andrew Storms, director of security operations at nCircle. “Microsoft has already seen limited exploits for this bug in the wild. Browser-based bugs are easy pickings for attackers, so don’t delay deploying this patch.”

Another critical bulletin garnering attention is MS12-036, which addresses a vulnerability in Remote Desktop that could enable remote code execution if an attacker sends a sequence of specially-crafted RDP packets to a vulnerable system. RDP is not enabled by default in Windows however, and systems that do not have it enabled are not at risk.

Advertisement. Scroll to continue reading.

“This relates to MS12-020, which had organizations on high alert in March after Microsoft issued warnings that the vulnerability could be weaponized to result in widespread attacks,” noted Marcus Carey, security researcher at Rapid7. “Up to now, MS12-020 has only been exploited as a reliable denial of service attack; however, from what I understand MS12-036 may offer a more reliable attack vector for exploitation. The silver lining is that after MS12-020, many organizations took preventative measures to disable RDP, especially at egress points in their networks. If organizations must run RDP on the Internet, they should test and deploy MS12-020 patches as soon as possible.”

The final critical bulletin deals with the .NET Framework, and could permit remote code execution if a user views a malicious Webpage using a browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions.

In addition to the bulletins, Microsoft also released an advisory regarding a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0. According to Microsoft, the issue exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory and ultimately allow an attacker to execute code.   Gunn explained that the investigation into the vulnerability is ongoing, and that the company has released a workaround for anyone who believes they are affected.

 

 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...