Two of them rated critical and affecting Windows XP SP3 and newer platforms

Jan 11, 2012 13:35 GMT

On January 10th, 2012, Microsoft released a new security update for its Windows products, as well as for Microsoft Developer Tools and Software, to patch eight vulnerabilities discovered in these products.

As announced in the advance notification for the January security bulletin release, there were no fewer than seven bulletins included in this month’s release.

Among these is a bulletin rated Critical, meant to patch two vulnerabilities in Windows Media that could allow remote code execution (2636391).

“This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file,” Microsoft explains.

“An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

The Microsoft Security Bulletin Summary for January 2012 explains that other bulletins were meant to patch vulnerabilities in Windows Kernel, Windows Object Packager, Windows Client/Server Run-time Subsystem, and in SSL/TLS.

The security update was also meant to patch a vulnerability in Windows that could allow remote code execution when opening a specially crafted Microsoft Office file, and another one in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library.

These vulnerabilities affected Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 SP2 (x86 and x64), Windows Vista SP2 (x86 and x64), Windows Server 2008 SP2 (x86 and x64), Windows 7 SP1 (x86 and x64), and Windows Server 2008 R2 SP1 (x86 and x64).

The vulnerability in the AntiXSS Library (which could allow information disclosure) affected Microsoft Anti-Cross Site Scripting Library V3.x and Microsoft Anti-Cross Site Scripting Library V4.0.

Microsoft also announced the availability of a new version of its Microsoft Windows Malicious Software Removal Tool. It can be found on Softpedia as well.

Specific details on the new security update can be found on Microsoft’s website in the aforementioned Security Bulletin Summary. You can also have a look at the images attached to this article so that you can form an opinion about the bulletin deployment priority.
