First Patch Tuesday of 2012 covers 7 MS bulletins, 6 Adobe and tackles the BEAST

Microsoft has issued its January 2012 Patch Tuesday release with the long-awaited fix for the BEAST attack disclosed late last year.

There is only one critical bulletin this month, MS12-004, which covers two vulnerabilities related to Windows Media files. A specially crafted malicious media file could allow remote code execution, but only with the privileges of the logged-in user.

Microsoft classifies MS12-001 as a security feature bypass and considers it important along with the other five bulletins.

If Windows programs crash, they are designed to use a special error handler called SafeSEH. There is a bug in SafeSEH that could allow malicious applications compiled with Visual C++ .NET 2003 to manipulate the exception handler to execute arbitrary code.

Bulletins MS12-002 and MS12-005 both cover remote code execution vulnerabilities that could allow an attacker to run arbitrary code as the logged-in user.

MS12-003 is a bit obscure and could allow elevation of privilege on systems older than Windows 7 or Windows 2008 R2 which are using Chinese, Japanese or Korean system locales.

MS12-006 tackles the problems introduced last October by the BEAST attack against SSL/TLS 1.0. Microsoft has updated its libraries to ensure that TLS 1.1/TLS 1.2 and all ciphers which do not use CBC (Cipher Block Chaining) mode are not vulnerable.
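The condition described above (SSL 3.0 or TLS 1.0 combined with a CBC-mode cipher suite) can be checked against logged TLS sessions. The following is an added example, not code from the original post or from Microsoft; the log format, host names and function names are constructed assumptions, and cipher suites are assumed to be logged under their IANA names.

```python
# Added example: flag logged TLS sessions that match the BEAST condition
# (SSL 3.0 / TLS 1.0 together with a CBC-mode cipher suite).
# The log format and host names are constructed for illustration.
from collections import defaultdict

# Protocol versions that predate the explicit per-record IV of TLS 1.1.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}

SAMPLE_LOG = """\
# host protocol cipher_suite (constructed sample data)
intranet.example TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA
intranet.example TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
mail.example TLSv1 TLS_RSA_WITH_RC4_128_SHA
shop.example TLSv1.1 TLS_RSA_WITH_AES_256_CBC_SHA
legacy.example SSLv3 TLS_RSA_WITH_3DES_EDE_CBC_SHA
broken line
"""

def uses_cbc(cipher_suite):
    """IANA suite names spell out the mode, e.g. ..._AES_128_CBC_SHA."""
    return "_CBC_" in cipher_suite.upper()

def is_beast_exposed(protocol, cipher_suite):
    """True only when both conditions hold: legacy protocol and CBC mode."""
    return protocol in LEGACY_PROTOCOLS and uses_cbc(cipher_suite)

def audit(log_text):
    """Return ({host: sorted exposed (protocol, suite) pairs}, skipped_lines)."""
    exposed = defaultdict(set)
    skipped = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            skipped.append(lineno)  # keep malformed lines visible, do not guess
            continue
        host, protocol, suite = fields
        if is_beast_exposed(protocol, suite):
            exposed[host].add((protocol, suite))
    return {h: sorted(p) for h, p in exposed.items()}, skipped

if __name__ == "__main__":
    findings, skipped = audit(SAMPLE_LOG)
    for host, pairs in sorted(findings.items()):
        for protocol, suite in pairs:
            print(f"{host}: {protocol} with {suite}")
    print("unparsed lines:", skipped)
```

The RC4 session on TLS 1.0 and the CBC session on TLS 1.1 are not flagged, because each meets only one of the two conditions.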

MS12-007 affects system administrators who are using Microsoft’s AntiXSS (Cross Site Scripting) libraries to sanitize input on their websites. If your web team uses Microsoft AntiXSS you should apply this update as soon as possible.

Adobe also released its quarterly update for Adobe Acrobat and Adobe Reader. This month, Adobe patched six CVEs for Adobe Acrobat/Reader 9 users, including two bugs previously patched with out-of-band fixes last year.

The other four vulnerabilities could lead to remote code execution, which is always a bad thing. Adobe has bundled in the security fixes for the embedded version of Flash that is included in Adobe Reader as well.

I would like to point out one thing before you run off to start patching and testing your systems. You’ll notice that most of the vulnerabilities in the Microsoft bulletins allow code execution only with the privileges of the logged-in user.

Despite all the complaints about UAC and the other methods Microsoft supplies for elevating privilege, it is critical to take advantage of these technologies if your users occasionally require administrative rights.

Not being an admin significantly lowers your risk. There wasn’t really a good excuse for giving everyone admin rights back in the days of Win XP, so there’s certainly no excuse in 2012.

Only administrators should have administrator rights, and they should be logged in as administrators only when they are actually involved in administration tasks. (It’s amazing how obvious this sounds when written out that way, isn’t it?)

Being slack with admin privileges means you’re putting yourself – and everyone around you on the internet – at needless risk.