14 DAY TRIAL // Microsoft’s February 2012 bulletins, totaling a number of nine, address 21 security holes that were identified in a few products, some of which may have allowed an attacker to remotely execute malicious code if certain circumstances were met.
Kaspersky Securelist experts reveal that the vulnerabilities discovered in Internet Explorer and the .NET framework may allow hackers to launch drive-by attacks. A mass exploitation of these flaws may be delivered with the aid of exploit packs such as the infamous Blackhole toolkit.
A fairly important security hole was identified in the C runtime library, but fortunately the exploitable delivery vector is limited for Windows application. For this vulnerability to be exploited, an attacker would have to rely on social engineering to convince potential victims to execute a malicious media file, or visit a websites that stores it.
Furthermore, third-party apps statically linked to the library in question are not affected by the weakness and there are no known active exploits in the wild.
Other vulnerabilities were found in the Ancillary function driver. They could allow an attacker to elevate his own privileges by logging on to a system and using a specially designed piece of software, but for the flaw to be exploited, a hacker would have to possess valid logon credentials that give him local access.
Privileges can also be elevated by using a weakness discovered in Microsoft SharePoint, a specially crafted URL allowing an attacker to steal information by leveraging this flaw.
Remote code execution vulnerabilities were also identified in the Indeo Codec, the Color Control Panel, and in Visio Viewer 2010.
Microsoft customers are advised to immediately update their products to make sure they’re protected against potentially malicious operations, especially since security experts say that mass exploitations rarely target 0-days, but instead they rely on older unpatched vulnerabilities.