Microsoft Delivers 7 Fixes in January Security Update

As promised in its advance notification last week, Microsoft released seven security bulletins for this month.

Only one has been deemed "critical," with the remaining described as "important." The critical fix, bulletin MS12-004, addresses two privately reported issues in Windows Media Player that could allow an intruder to carry out a remote code execution attack if a specially designed media file were to be downloaded and opened.

Media players represent easy targets for attackers, according to Marcus Carey, a security researcher at Rapid7.

"This [bulletin] should serve as a reminder that we should expect researchers and attackers to continue to exploit client applications such as media players and browsers," said Carey. "In fact, media players are the target of non-stop fuzzing: the process of throwing the kitchen sink at an application to find where it breaks."

Microsoft's first important item of the month, bulletin MS12-001, is noteworthy for being classified as a "Security Features Bypass." That vulnerability impact designation represents a first for a Microsoft bulletin. This item blocks a reported problem in which an outsider could bypass the SafeSEH features in Microsoft C++ .NET. If exploited, the flaw could allow an attacker to bypass security protocols and load harmful code on a machine.

Many third-party security experts, including Joshua Talbot, a security intelligence manager at Symantec Security Response, believe that this important item should be put at the top of IT's "to-do" list.

"Although only rated important, we actually picked the Assembly Execution Vulnerability as the most severe issue this month," said Talbot. "The vulnerability is due to an oversight that allows an attacker to run malware as soon as a user opens a Word or PowerPoint file. E-mail attachments will probably be the most common attack method in which this vulnerability is exploited."

Another notable bulletin this month includes a fix for a Secure Socket Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0. flaw (bulletin MS12-006) that could be exploited with a toolkit called BEAST, which was demonstrated last September. According to those demonstrating the flaw, an attacker could have malicious code uploaded and executed on a computer within 10 minutes.

In response, Microsoft released Security Advisory 2588513 that documented a possible workaround. The advisory notes that Microsoft is working on a permanent fix. The plan was to release the bulletin in last month's security update, but Microsoft had to pull it at the last moment when it encountered compatibility issues with third-party software.

Three of the four remaining important bulletins target two remote code execution vulnerabilities and one elevation of privilege flaw in Windows, while the final bulletin deals with an information disclosure issue in Microsoft's Anti-Cross Site Scripting (AntiXSS) Library.

Detailed information and suggestions for the deployment of January's security update can be found here. Most of the fixes will require a restart to take effect.

With the arrival of Patch Tuesday, it is also a good time to remind many who might have missed it over the holidays of the out-of-band patch released by Microsoft on Dec. 29. This bulletin addressed three issues with Microsoft's framework for ASP.NET.


About the Author

Chris Paoli is the site producer for and


  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.