Microsoft February Security Update Includes 4 'Critical' RCE Fixes
Microsoft today released its Security Update for the month of February, featuring four bulletin items classified as "critical" and five "important."
The nine items pushed out from Microsoft will address 21 vulnerabilities in Windows, Internet Explorer, Silverlight, .NET Framework, Office and server software.
The first critical item, bulletin MS12-008, fixes two issues in all supported versions of Windows. If left unpatched, this flaw could permit a remote code execution attack if a malicious application is used or a malicious Web site is visited by a user. According to Microsoft, the fix is associated with how Graphics Device Interface (GDI) calls are handled.
"The security update addresses the vulnerabilities by modifying the way that the Windows kernel-mode driver handles user mode calls to GDI and handles keyboard layout errors."
Next critical item is bulletin MS12-010, which fixes four remote code execution vulnerabilities in Microsoft's Internet Explorer browser. If not applied, malicious code could be hidden in content when a user copies and pastes from a specially crafted Web site.
Responding directly to this bulletin item, Marcus Carey, security researcher at Rapid7, said that this won't be the end of these types of vulnerabilities making it into Microsoft's Web browser and its Windows Media player. And, due to the higher interaction of these programs with the average user, these types of vulnerabilities will always be a top risk.
"The problem with browser and media player compromises is that the end-user is unaware that they have been compromised, which can lead to the kind of long term breaches we see reported in the news these days," wrote Carey in an e-mail.
The third critical item, bulletin MS12-013, is designed to deter remote code execution attacks for Windows users, like critical item No. 1. However, unlike that earlier bulletin, which addresses vulnerabilities in the Windows kernel, this item fixes a hole in the C runtime library for Windows 7, Vista and Windows Server 2008 R2.
According to Microsoft, the bulletin modifies "how the dynamic link library (DLL) calculates the size of data structures in memory." This modification, in turn, makes it less likely that attackers will be capable of exploiting the vulnerability.
Tyler Reguly, technical manager of security research and development at security firm nCircle, said that this item may raise some eyebrows this month.
"The most interesting bulletin today is the vulnerability affecting the C run-time library," Reguly wrote in an e-mail. "Everyone is likely to see this critical vulnerability and freak out. However, it's important to note that the attack vector is limited."
The final critical item, bulletin MS12-016, affects both Microsoft .NET Framework and Microsoft Silverlight. If left unpatched, a remote code execution attack could occur when a user visits a Web site hiding malicious objects -- that is, if the browser is capable of running XAML Browser Applications (XBAPs) or Silverlight apps.
Here's a rundown of Microsoft's important items for the month:
- MS12-009 -- Fixes two privately reported issues in Windows 7, XP, Windows Server 2008 and Windows Server 2008 R2 that could lead to a remote code execution (if the attacker has valid login credentials).
- MS12-011 -- Addresses three remote code execution issues in Microsoft SharePoint and SharePoint Foundation by fixing the way the programs "validates and sanitizes user input."
- MS12-012 -- Corrects an issue that could allow outside access to a system using a malicious DLL file. This bulletin changes how the Color Control Panel loads external libraries.
- MS12-014 -- Fixes a remote code execution flaw in Windows XP Service Pack 3 by correcting how the Indeo Codec loads external libraries.
- MS12-015 -- Patches five Office vulnerabilities that could lead to a remote code execution if a specially created Visio Viewer file was downloaded and opened.
When prioritizing items in Microsoft's Security Update, items deemed critical should be pushed through as soon as proper testing is complete. About half of the patches will require system restarts.