One critical and six important Microsoft patches to start 2012
The start of the Olympic year of 2012 sees a quick release of 7 patches from Microsoft, including 1 that addresses a critical vulnerability that allows remote code execution when exploited. Websense® Security Labs strongly recommends that you update to the latest patches to avoid attacks from cyber criminals.
Not surprisingly, Microsoft marked the recently discovered MIDI vulnerability (CVE-2012-0003) as critical, as it received huge publicity in the beginning of the year and is likely to be seen in exploit kits in the near future. With this bug, an attacker can run arbitrary code on a remote computer using a specially crafted MIDI file. The executed code runs with the same privileges as the local user, so a well-defined user policy could prevent further damage on the computer. Another patch In this latest bulletin fixes the DirectShow remote code execution vulnerability (CVE-2012-0004). With this one, an attacker can execute malicious code on a remote computer without user interaction using a specially crafted media file.
The infamous BEAST (Browser Exploit Against SSL/TLS) vulnerability has also been fixed with the January Tuesday Patch. With this vulnerability (identified as CVE-2011-3389 in mitre.org), a cyber criminal can act as a "man-in-the-middle" and interfere with the SSL (Secure Sockets Layer) protocol. As a result, an attacker can obtain the HTTP header in plain text, allowing access to session cookies.
Websense Security Labs and our ThreatSeeker™ Network are constantly monitoring for these threats occurring in the wild.