First Patch Tuesday of 2012 covers 7 MS bulletins, 6 Adobe and tackles the BEAST


Microsoft has issued its January 2012 Patch Tuesday release with the long-awaited fix for the BEAST attack disclosed late last year.

There is only one critical bulletin this month, MS12-004, which covers two vulnerabilities related to Windows Media files. A specially crafted malicious media file could allow remote code execution, but only with the privileges of the logged-in user.

Microsoft classifies MS12-001 as a security feature bypass and considers it important along with the other five bulletins.

If Windows programs crash, they are designed to use a special error handler called SafeSEH. There is a bug in SafeSEH that could allow malicious applications compiled with Visual C++ .NET 2003 to manipulate the exception handler to execute arbitrary code.

Bulletins MS12-002 and MS12-005 both cover remote code execution vulnerabilities that could allow an attacker to run arbitrary code as the logged-in user.

MS12-003 is a bit obscure and could allow elevation of privilege on systems older than Windows 7 or Windows 2008 R2 which are using Chinese, Japanese or Korean system locales.

MS12-006 tackles the problems introduced last October by the BEAST attack against SSL/TLS 1.0. Microsoft has updated its libraries to ensure that TLS 1.1/TLS 1.2 and all ciphers which do not use CBC (Cipher Block Chaining) mode are not vulnerable.

MS12-007 affects system administrators who are using Microsoft's AntiXSS (Cross Site Scripting) libraries to sanitize input on their websites. If your web team uses Microsoft AntiXSS you should apply this update as soon as possible.

Adobe also released its quarterly update for Adobe Acrobat and Adobe Reader. This month, Adobe patched six CVEs for Adobe Acrobat/Reader 9 users, including two bugs previously patched with out-of-band fixes last year.

The other four vulnerabilities could lead to remote code execution, which is always a bad thing. Adobe has bundled in the security fixes for the embedded version of Flash that is included in Adobe Reader as well.

I would like to point out one thing before you run off to start patching and testing your systems. You'll notice that most of the vulnerabilities in the Microsoft bulletins can only be used to execute code with the privileges of the logged-in user.

Despite all the complaints about UAC and the other methods Microsoft supplies for elevating privilege, it is critical to take advantage of these technologies if your users occasionally require administrative rights.

Not being an admin significantly lowers your risk. There wasn't really a good excuse for giving everyone admin rights back in the days of Win XP, so there's certainly no excuse in 2012.

Only administrators should have administrator rights, and they should be logged in as administrators only when they are actually involved in administration tasks. (It's amazing how obvious this sounds when written out that way, isn't it?)

Being slack with admin privileges means you're putting yourself - and everyone around you on the internet - at needless risk.


One Response to First Patch Tuesday of 2012 covers 7 MS bulletins, 6 Adobe and tackles the BEAST

  1. letsjustsayfrank · 1017 days ago

    "Only administrators should have administrator rights"

    This is not nearly as obvious as you think it is. I'm a user, we're all just users. Who are our admins supposed to be?

    If they have a privilege escalating exploit I'm boned either way so it doesn't protect against exploits.

    If they trick me into trusting it I'm going to be infected because I'll just hop onto my admin account.

    LUA really doesn't do anything except provide the illusion of security, UAC is similar except that it comes with a nice MIAC/ ACL and forces developers to stop requesting rights all of the time that they don't need. Of course, a push of a button and I've just bypassed all of that.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.