HEAT Security Blog

More Love from Microsoft This February

A relatively light Patch Tuesday this month from Microsoft with 9 bulletins, 4 of which are critical. IT continues to benefit from Microsoft’s security initiatives in 2012 with comparatively lower numbers year on year. Last February, we saw 12 security bulletins in all (3 of which were critical and 9 important). It’s interesting to note that 4 of the issues being corrected this Patch Tuesday are publicly known.

The details:  
MS12-010 Corrects issues in Microsoft IE
4 different issues are addressed; they are not publicly known and are not believed to be under attack in the wild.

MS12-013 Corrects issue in Microsoft C Runtime
Visual Studio is not affected, nor are third-party applications that dynamically link to msvcrt.dll.

MS12-008 Corrects Kernel issue
Though the issue was publicly disclosed, we have not seen any active attacks in the wild.

MS12-016 Corrects .NET/Silverlight issue
This issue is only partially publicly disclosed, and we have not seen any active attacks in the wild.

MS12-012 Corrects Color UI issue
This is a DLL-preloading issue.

MS12-014 Corrects Indeo Codec issue
This is a DLL-preloading issue.

MS12-015 Corrects issue in Visio
This issue affects only Visio Viewer.

MS12-009 Corrects AFD issue
Would-be attackers would require authenticated, local access to the targeted machine; affects only 64-bit systems.

MS12-011 Corrects SharePoint issue
Customers using Internet Explorer 8 or 9 are at reduced risk from the issues addressed in this bulletin.

Prioritization

When prioritizing, it would be prudent to address those issues that are “Publicly Known” first, then the other Critical issues, followed by the Important issues.

Highest Priority:
MS12-011 is publicly known, but no active attacks have been spotted. URL: http://www.mindedsecurity.com/fileshare/Fedon_Athcon_June11.pdf
MS12-014 is a DLL injection issue, and more details are available. URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php
MS12-012 is also a DLL injection issue, and details are available. URL: http://shinnai.altervista.org/exploits/SH-006-20100914.html
MS12-008 is a kernel EOP that was made public; the details are no longer available, but it is still considered public.

All in all, it’s a pretty sweet Valentine’s Day. We’ve had two fairly light patching periods in a row – with just 7 from Microsoft last month. Clearly, the company’s renewed focus is paying off. Now if folks would just follow through and patch!

The light patch load from Microsoft does not mean IT can sit back and relax, however. A significant patch update from Oracle came out recently and, as always, threats targeting Java must be addressed, as it is currently the “bad guys’” most popular attack vector.

Other notable issues outside of Microsoft

In late January, Symantec told some 50,000 pcAnywhere users to stop using the software until a critical security flaw could be addressed. The patches were made available on or around January 30 to address the issues, and Symantec is now offering free upgrades to anyone using older, unsupported versions.

As has happened so many times in the past, Apple has released its patches in the shadow of Microsoft Patch Tuesday. This latest set of updates for Lion addresses 51 issues. It should be noted that some have reported application crashes after installing the 10.7 update. It seems that Microsoft does not have any exclusivity when it comes to patches breaking things.

Lastly, Mozilla took care of a Critical vulnerability that could be used to run attacker code and install software without requiring any user interaction beyond normal browsing.