Microsoft issues seven security patches, BEAST fix included

Share this article:

Microsoft on Tuesday released seven security fixes, including one cited as “critical," to correct eight vulnerabilities.

None of the patches addressed major, ongoing attacks, but several were notable because Microsoft identified them as fixes that address issues that are easy to implement and capable of executing malware remotely.

The "critical" patch, MS12-004, fixes a Windows Media Center vulnerability that allows a remote attacker to gain access to a system if a user opens a malicious file. The bug extends across all Windows versions.

Experts also pointed to bulletin MS12-005, which was graded "important," but can lead to remote code execution due to a Windows weakness that allows an attacker to run malware as soon as a user opens a file that contains a malicious, embedded ClickOnce application.

"Email attachments will probably be the most common attack method in which this vulnerability is exploited," Joshua Talbot, security intelligence manager of Symantec Security Response said. "As usual, we strongly recommend users only open email attachments from people they know."

The patch batch also included, MS12-2006, a fix -- held over from last month -- for a vulnerability that could be exploited by Browser Exploit Against SSL/TLS (BEAST), a JavaScript hacking tool disclosed in September at a security conference in Argentina, which can decrypt HTTPS requests and encrypted cookies.

Wolfgang Kandek, chief technology officer at Qualys, said the patches should be installed immediately because attackers could easily launch exploits. Users might not think twice about running a malevolent music or Office file.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.