Patch Tuesday Valentine’s 2012

Monster super-critical Patch Tuesday for February 2013

Valentine from Mrs. W.Guess what time it is, poets, lovers and dreamers? Yup! Valenpatch Tuesday, er, maybe Patch Tinesday?

Microsoft is showing a lot of love for Windows by serving up nine bulletins this month. This is the first time I recall seeing Windows XP have fewer fixes released than Windows 7. Will this be a new pattern going forward?

Microsoft considers four of these critical and SophosLabs agrees, assigning MS12-016, MS12-013, MS12-010 and MS12-008 a high rating.

MS12-008 is a kernel driver vulnerability that could lead to remote code execution, MS12-010 is a remote execution flaw in all versions of Internet Explorer, MS12-013 is a remote code execution vulnerability in the C run-time on Windows 7/Vista/2008 and MS12-016 is a remote code execution vulnerability in Silverlight and the .NET framework.

Microsoft rated the remaining five as Important. SophosLabs agrees with two of these rating, MS12-009 and MS12-011, but considers MS12-015 to be medium and MS12-012 and MS12-014 to be high risk.

MS12-015 is a remote code execution in Visio Viewer that is triggered by a malicious Visio file, MS12-012 could allow remote code execution when opening a .icc (color profile) file on Windows 2008 and MS12-014 could allow an attacker to remotely execute code by tricking a user into loading a media file on Windows XP SP3.

As always the best practice is to apply all of these as soon as possible. If you need to prioritize, check our Microsoft’s nifty chart, posted every month as part of Patch Tuesday.

Creative Commons Patch Me Valentine as a Valentine from Mrs. W.