Microsoft spreads love to all IT administrators this month by addressing 23 vulnerabilities on the 14th of February. The software giant released nine bulletins and fixed critical flaws in Internet Explorer, an error in a runtime library which can be targeted through Windows Media Player, and flaws in the Windows kernel. Four out of the nine bulletins were tagged as Critical by Microsoft.
One critical update was MS12-010, or a cumulative security update for Internet Explorer which resolves four privately reported vulnerabilities in versions 6 through 9 of Internet Explorer. These vulnerabilities could be used to run malicious code on a user’s system if they visited a malicious web site with Internet Explorer. A similar code execution vulnerability, MS12-013, could by exploited using flaws in the mscvrt.dll runtime library to run malicious code if the user opened a specially crafted video. The two remaining Critical vulnerabilities (MS12-008 and MS12-016) resolve vulnerabilities in the Windows kernel, the .NET Framework, and Silverlight that could similarly be used to run malicious code.
Among the remaining five Important vulnerabilities are MS12-012 and MS12-014, which fix DLL preloading issues in the Color Control Panel and Indeo codecs, respectively. MS12-011 fixed a privilege escalation flaw in SharePoint.
Microsoft urged users to immediately install the patches associated with the above bulletins; users can find full technical details from the February summary page. You can view our page on Threat Encyclopedia for respective Trend Micro solutions.
Users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in can also find updates to their products that will protect them from threats exploiting the vulnerabilities made public today, in advance of IT administrators being able to roll out these patches. The coverage for this month includes all of the vulnerabilities specifically mentioned above.