Microsoft February Security Update Includes 4 'Critical' RCE Fixes

Microsoft today released its Security Update for the month of February, featuring four bulletin items classified as "critical" and five "important."

The nine items pushed out from Microsoft will address 21 vulnerabilities in Windows, Internet Explorer, Silverlight, .NET Framework, Office and server software.

Critical Items
The first critical item, bulletin MS12-008, fixes two issues in all supported versions of Windows. If left unpatched, these flaws could permit a remote code execution attack if a malicious application is used or a malicious Web site is visited by a user. According to Microsoft, the fix is associated with how Graphics Device Interface (GDI) calls are handled.

"The security update addresses the vulnerabilities by modifying the way that the Windows kernel-mode driver handles user mode calls to GDI and handles keyboard layout errors."

The next critical item is bulletin MS12-010, which fixes four remote code execution vulnerabilities in Microsoft's Internet Explorer browser. If not applied, malicious code could be hidden in content when a user copies and pastes from a specially crafted Web site.

Responding directly to this bulletin item, Marcus Carey, security researcher at Rapid7, said that this won't be the end of these types of vulnerabilities making it into Microsoft's Web browser and its Windows Media player. And, due to the higher interaction of these programs with the average user, these types of vulnerabilities will always be a top risk.

"The problem with browser and media player compromises is that the end-user is unaware that they have been compromised, which can lead to the kind of long term breaches we see reported in the news these days," wrote Carey in an e-mail.

The third critical item, bulletin MS12-013, is designed to deter remote code execution attacks for Windows users, like critical item No. 1. However, unlike that earlier bulletin, which addresses vulnerabilities in the Windows kernel, this item fixes a hole in the C runtime library for Windows 7, Vista and Windows Server 2008 R2.

According to Microsoft, the bulletin modifies "how the dynamic link library (DLL) calculates the size of data structures in memory." This modification, in turn, makes it less likely that attackers will be capable of exploiting the vulnerability.

Tyler Reguly, technical manager of security research and development at security firm nCircle, said that this item may raise some eyebrows this month.

"The most interesting bulletin today is the vulnerability affecting the C run-time library," Reguly wrote in an e-mail. "Everyone is likely to see this critical vulnerability and freak out. However, it's important to note that the attack vector is limited."

The final critical item, bulletin MS12-016, affects both Microsoft .NET Framework and Microsoft Silverlight. If left unpatched, a remote code execution attack could occur when a user visits a Web site hiding malicious objects -- that is, if the browser is capable of running XAML Browser Applications (XBAPs) or Silverlight apps.

Here's a rundown of Microsoft's important items for the month:

  • MS12-009 -- Fixes two privately reported issues in Windows 7, XP, Windows Server 2008 and Windows Server 2008 R2 that could lead to a remote code execution (if the attacker has valid login credentials).
  • MS12-011 -- Addresses three remote code execution issues in Microsoft SharePoint and SharePoint Foundation by fixing the way the programs "validates and sanitizes user input."
  • MS12-012 -- Corrects an issue that could allow outside access to a system using a malicious DLL file. This bulletin changes how the Color Control Panel loads external libraries.
  • MS12-014 -- Fixes a remote code execution flaw in Windows XP Service Pack 3 by correcting how the Indeo Codec loads external libraries.
  • MS12-015 -- Patches five Office vulnerabilities that could lead to a remote code execution if a specially created Visio Viewer file was downloaded and opened.

When prioritizing items in Microsoft's Security Update, items deemed critical should be pushed through as soon as proper testing is complete. About half of the patches will require system restarts.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
