Microsoft starts the year right by addressing eight vulnerabilities in its January 2012 round of patches. This update includes fixes for one Critical bulletin, while the rest are rated Important.
This month’s update covers several vulnerabilities in Microsoft Windows, including those found in Windows Object Packager, Windows Media Player, and Windows Object Packager.
The only bulletin rated Critical was ‘Vulnerabilities in Windows Media Could Allow Remote Code Execution’. The vulnerabilities included in the said bulletin could allow remote code execution when users open a specially-crafted media file.
Also corrected in this patch Tuesday release is the way Media Player handles specially-crafted MIDI files and the way DirectShow parses media files. This update applies to all versions of Windows, including Windows 7.
In addition, MS12-006 fixes the BEAST vulnerability in SSL/TLS protocols, which potentially allowed a malicious user to conduct man-in-the-middle attacks on secure traffic.
Microsoft was not the only one to release fixes, as Adobe also published their own security updates to address vulnerabilities found in Adobe Reader and Acrobat. Most of the vulnerabilities addressed could lead to code execution when abused. Detailed information on the vulnerabilities can be found here.
To lean more about Microsoft support for the affected software, more details on the security bulletins for January 2012 can be found in their official bulletin summary. Users may also refer to our Trend Micro security advisory page.
Users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in can also find updates to their products that will protect them from threats exploiting the vulnerabilities made public today, in advance of IT administrators being able to roll out these patches.