ID: IRCNE2012011374
Date: 2012-01-11
According to “ZDNet”, Microsoft has dropped its first batch of security bulletins for 2012: Seven bulletins with cover for at least eight vulnerabilities affecting all versions of the Windows operating system.
The company is urging Windows users to pay special attention to MS12-004, a “critical” bulletin that provides fixes for two serious flaws in the way Windows Media handles certain media files.
The first issue can be exploited if a hacker used a specially crafted MIDI file, Microsoft warned. The successful attacker could gain remote code execution against a target running the ubiquitous Windows Media Player.
The second critical vulnerability is caused when when filters in DirectShow do not properly handle specially crafted media files. DirectShow is a part of Microsoft DirectX, a Windows feature used for streaming media on Windows operating systems to enable graphics and sound when playing games or watching video.
Microsoft expects to see reliable exploit code against these vulnerabilities within 30 days so it’s important that Windows users treat MS12-004 with the utmost priority.
Here’s a quick look at the other issues in this January patch batch:
- MS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass
- MS12-002: Vulnerability in Windows Object Packager Could Allow Remote Code Execution
- MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
- MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution
- MS12-006 Vulnerability in SSL/TLS Could Allow Information Disclosure
- MS12-007: Vulnerability in AntiXSS Library Could Allow Information Disclosure
Related Links:
The first Microsoft Tuesday Patch in 2012 is coming
- 2