Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft’s January Patch Tuesday to Address Eight Vulnerabilities

Microsoft is starting the 2012 Patch Tuesday cycle off with a bang.

According to Microsoft’s advanced notification, the January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software. Just one of the bulletins is rated ‘critical.’ The other six are rated ‘important.’

Microsoft is starting the 2012 Patch Tuesday cycle off with a bang.

According to Microsoft’s advanced notification, the January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software. Just one of the bulletins is rated ‘critical.’ The other six are rated ‘important.’

Microsoft Patch TuesdayThe critical bulletin affects all of Microsoft’s desktop and server-based operating systems, from Windows XP to Windows Server 2008 R2, noted Rapid7 security researcher Marcus Carey.

“This is a bulletin that will affect companies and home users as well,” he said. “The critical bulletin should be tested and patched as soon as possible since an attacker could get remote code execution capability.”

“Last month there was speculation that the SSL BEAST (a Browser Exploit Against SSL/TLS) vulnerability would be patched,” he added. “Microsoft may deliver that patch this month and it would be included as an important bulletin.”

Angela Gunn, security response communications manager for Microsoft Trustworthy Computing, noted in a blog post that readers of the summary would notice an unusual vulnerability classification – “Security Feature Bypass” – for one of the company’s ‘Important’ bulletins.

“SFB-class issues in themselves can’t be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit,” she explained. “For those interested in learning more, we expect the SRD blog to publish a detailed analysis of the matter on Tuesday.”

Just last week, in a rare move, Microsoft broke its normal procedures and issued an emergency out-of-band security update to address a recently disclosed hash table vulnerability that affected various Web platforms industry-wide.

The Patch Tuesday security updates are scheduled to be released Jan. 10.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.