Microsoft issues seven security patches, BEAST fix included

Microsoft on Tuesday released seven security fixes, including one cited as "critical," to correct eight vulnerabilities.

None of the patches addressed major, ongoing attacks, but several were notable because Microsoft identified them as addressing issues for which exploits are easy to implement and which can be used to execute malware remotely.

The "critical" patch, MS12-004, fixes a Windows Media Center vulnerability that allows a remote attacker to gain access to a system if a user opens a malicious file. The bug extends across all Windows versions.

Experts also pointed to bulletin MS12-005, which was graded "important," but can lead to remote code execution due to a Windows weakness that allows an attacker to run malware as soon as a user opens a file that contains a malicious, embedded ClickOnce application.

"Email attachments will probably be the most common attack method in which this vulnerability is exploited," Joshua Talbot, security intelligence manager of Symantec Security Response, said. "As usual, we strongly recommend users only open email attachments from people they know."

The patch batch also included MS12-2006, a fix -- held over from last month -- for a vulnerability that could be exploited by Browser Exploit Against SSL/TLS (BEAST), a JavaScript hacking tool that can decrypt HTTPS requests and encrypted cookies. BEAST was disclosed in September at a security conference in Argentina.

Wolfgang Kandek, chief technology officer at Qualys, said the patches should be installed immediately because attackers could easily launch exploits. Users might not think twice about running a malevolent music or Office file.
