Microsoft is starting 2012 with a surprisingly large first release of seven security bulletins covering eight separate vulnerabilities. In contrast, in past years we usually had a relatively small January release containing only one or two bulletins.
The first six bulletins affect various versions of the Windows Operating System, from XP SP3 up to the newest versions, Windows 7 and Windows 2008 R2. The seventh bulletin covers Microsoft Developer Tools.
Bulletin one is the single bulletin rated as ‘critical’ and should be considered the priority; however, for users of Windows 7 and Windows 2008 R2 its severity is downgraded to ‘important’. Bulletins three and five, while rated ‘important’, both involve Remote Code Execution, most likely through a specially crafted input file to one of the Windows standard programs, and should also be high on your list of bulletins to look at.
Bulletin two stands out as it is tagged as ‘Security Feature Bypass’, which is a new category. Next Tuesday it will be interesting to see which exact Windows features are involved and how this vulnerability can be used by attackers.
As usual, the newest versions of Windows, 7 and 2008 R2, have less exposure, as they are not susceptible at all to bulletins three and four.
Please also be aware that both Adobe and Oracle will release their quarterly updates this month as well, on January 10th and January 17th respectively. Part of Adobe’s release will cover CVE-2011-4369 in Adobe Reader X, which they had addressed out-of-band for Adobe Reader 9 on December 16th due to exploits in the wild.
Author: Wolfgang Kandek, CTO, Qualys.