Microsoft is starting the 2012 Patch Tuesday cycle off with a bang.
According to Microsoft’s advanced notification, the January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software. Just one of the bulletins is rated ‘critical.’ The other six are rated ‘important.’
The critical bulletin affects all of Microsoft’s desktop and server-based operating systems, from Windows XP to Windows Server 2008 R2, noted Rapid7 security researcher Marcus Carey.
“This is a bulletin that will affect companies and home users as well,” he said. “The critical bulletin should be tested and patched as soon as possible since an attacker could get remote code execution capability.”
“Last month there was speculation that the SSL BEAST (a Browser Exploit Against SSL/TLS) vulnerability would be patched,” he added. “Microsoft may deliver that patch this month and it would be included as an important bulletin.”
Angela Gunn, security response communications manager for Microsoft Trustworthy Computing, noted in a blog post that readers of the summary would notice an unusual vulnerability classification – “Security Feature Bypass” – for one of the company’s ‘Important’ bulletins.
“SFB-class issues in themselves can’t be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit,” she explained. “For those interested in learning more, we expect the SRD blog to publish a detailed analysis of the matter on Tuesday.”
Just last week, in a rare move, Microsoft broke its normal procedures and issued an emergency out-of-band security update to address a recently disclosed hash table vulnerability that affected various Web platforms industry-wide.
The Patch Tuesday security updates are scheduled to be released Jan. 10.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
- Russia-Linked APT29 Uses New Malware in Embassy Attacks
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
