First Patch Tuesday of 2012 Fixes 8 Vulnerabilities
On the 10th of January 2012, Microsoft will release seven security bulletins as part of its Patch Tuesday program. The aforementioned bulletins are meant to address a total of 8 vulnerabilities that plague the Microsoft Windows operating system and Microsoft Developer Tools and Software. As always, Microsoft published an advance notification for the January 2012 security bulletin release; you can check out the notification by clicking here.
Out of the abovementioned 7 security bulletins that Microsoft will release this Tuesday, just one carries the dreaded rating of critical. This is Microsoft’s most severe rating; Microsoft uses it when it deals with a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
The remaining 6 bulletins carry the second most severe rating Microsoft uses; they are rated as important. Microsoft uses this rating when it deals with a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
The vulnerability classifications specify that the 8 security bulletins could lead to remote code execution, elevation of privilege, and information disclosure. There’s a new an unusual classification for one of the important bulletins – Security Feature Bypass (SFB). Microsoft’s Angela Gunn explaied that “SFB-class issues in themselves can’t be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit.”
If you are not familiar with Microsoft’s Patch Tuesday program, here’s a quick explanation: Microsoft releases patches for its products every second Tuesday of the month; they are usually released at around 10AM PST. Before every Patch Tuesday, an advance notification is published online. After the Patch Tuesday, the notification is updated to include more info on the security bulletins that were released to the public.
As a reminder, the advance notification for the January 2012 Patch Tuesday is available here.
Out of the abovementioned 7 security bulletins that Microsoft will release this Tuesday, just one carries the dreaded rating of critical. This is Microsoft’s most severe rating; Microsoft uses it when it deals with a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
The remaining 6 bulletins carry the second most severe rating Microsoft uses; they are rated as important. Microsoft uses this rating when it deals with a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
The vulnerability classifications specify that the 8 security bulletins could lead to remote code execution, elevation of privilege, and information disclosure. There’s a new an unusual classification for one of the important bulletins – Security Feature Bypass (SFB). Microsoft’s Angela Gunn explaied that “SFB-class issues in themselves can’t be leveraged by an attacker; rather, a would-be attacker would use them to facilitate use of another exploit.”
If you are not familiar with Microsoft’s Patch Tuesday program, here’s a quick explanation: Microsoft releases patches for its products every second Tuesday of the month; they are usually released at around 10AM PST. Before every Patch Tuesday, an advance notification is published online. After the Patch Tuesday, the notification is updated to include more info on the security bulletins that were released to the public.
As a reminder, the advance notification for the January 2012 Patch Tuesday is available here.
