Gladiator Research and Security

Microsoft has announced seven new patches today, including three that could allow remote code execution.  MS12-004 is rated Critical by Microsoft and Gladiator recommends all institutions install this patch as soon as possible.  Additionally, Gladiator rates MS12-005 as critical and recommends all institutions apply this patch as soon as possible.  All other patches can be applied during your normal patch window.  Detailed information regarding the patches can be found in Microsoft’s January Security Bulletin.  Summary information is included below:

• Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)  MS12-004 - This security update resolves two privately reported vulnerabilities in Microsoft Windows. Microsoft rates this patch as Critical.  These vulnerabilities could allow remote code execution if a user opens a specially crafted media file.
• Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) MS12-001 – This security update resolves a privately reported vulnerability in Microsoft Windows. Microsoft rates this patch as Important.  This vulnerability could allow an attacker to bypass the SafeSEH security feature and possibly run arbitrary code.
• Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) MS12-002 – This security update resolves a privately reported vulnerability in Microsoft Windows. Microsoft rates this patch as Important.  This vulnerability could allow remote code execution if a user opens a legitimate file located in the same directory as specially crafted executable.
• Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) MS12-003 – This security update resolves a privately reported vulnerability in Microsoft Windows. Microsoft rates this patch as Important.  Windows 7 and Windows Server 2008 RT are not affected by this vulnerability.  This vulnerability could allow elevation of privileges if a user runs a specially crafted executable on a system with Chinese, Japanese, or Korean system locales.
• Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) MS12-005 – This security update resolves a privately reported vulnerability in Microsoft Windows. Microsoft rates this patch as Important.   This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with an embedded ClickOnce application.
• Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) MS12-005 – This security update resolves a publicly reported vulnerability in SSL 3.0 and TLS 1.0. Microsoft rates this patch as Important.   This vulnerability could allow information disclosure in intercepted web traffic.
• Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) MS12-007 – This security update resolves a publicly reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. Microsoft rates this patch as Important.   This vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the AntiXSS Library.

Reference Links:

• Microsoft Patch Bulletin (http://technet.microsoft.com/en-us/security/bulletin/ms12-jan)
• SANS ISC Diary Patch Tuesday Summary (http://isc.sans.org/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361)