Microsoft is starting the 2012 Patch Tuesday cycle off with a bang.
According to Microsoft’s advanced notification, the January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software. Just one of the bulletins is rated ‘critical.’ The other six are rated ‘important.’
The critical bulletin affects all of Microsoft’s desktop and server-based operating systems, from Windows XP to Windows Server 2008 R2, noted Rapid7 security researcher Marcus Carey.
“This is a bulletin that will affect companies and home users as well,” he said. “The critical bulletin should be tested and patched as soon as possible since an attacker could get remote code execution capability.”
“Last month there was speculation that the SSL BEAST (a Browser Exploit Against SSL/TLS) vulnerability would be patched,” he added. “Microsoft may deliver that patch this month and it would be included as an important bulletin.”
Angela Gunn, security response communications manager for Microsoft Trustworthy Computing, noted in a blog post that readers of the summary would notice an unusual vulnerability classification – “Security Feature Bypass” – for one of the company’s ‘Important’ bulletins.
“SFB-class issues in themselves can’t be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit,” she explained. “For those interested in learning more, we expect the SRD blog to publish a detailed analysis of the matter on Tuesday.”
Just last week, in a rare move, Microsoft broke its normal procedures and issued an emergency out-of-band security update to address a recently disclosed hash table vulnerability that affected various Web platforms industry-wide.
The Patch Tuesday security updates are scheduled to be released Jan. 10.
