Microsoft starts the year right by addressing eight vulnerabilities in its January 2012 round of patches. This update includes fixes for one Critical bulletin, while the rest are rated Important.
This month’s update covers several vulnerabilities in Microsoft Windows, including those found in Windows Object Packager, Windows Media Player, and Windows Object Packager.
The only bulletin rated Critical was ‘Vulnerabilities in Windows Media Could Allow Remote Code Execution’. The vulnerabilities included in the said bulletin could allow remote code execution when users open a specially-crafted media file.
Also corrected in this patch Tuesday release is the way Media Player handles specially-crafted MIDI files and the way DirectShow parses media files. This update applies to all versions of Windows, including Windows 7.
In addition, MS12-006 fixes the BEAST vulnerability in SSL/TLS protocols, which potentially allowed a malicious user to conduct man-in-the-middle attacks on secure traffic.