Microsoft issues seven security patches, BEAST fix included

Share this article:

Microsoft on Tuesday released seven security fixes, including one cited as “critical," to correct eight vulnerabilities.

None of the patches addressed major, ongoing attacks, but several were notable because Microsoft identified them as fixes that address issues that are easy to implement and capable of executing malware remotely.

The "critical" patch, MS12-004, fixes a Windows Media Center vulnerability that allows a remote attacker to gain access to a system if a user opens a malicious file. The bug extends across all Windows versions.

Experts also pointed to bulletin MS12-005, which was graded "important," but can lead to remote code execution due to a Windows weakness that allows an attacker to run malware as soon as a user opens a file that contains a malicious, embedded ClickOnce application.

"Email attachments will probably be the most common attack method in which this vulnerability is exploited," Joshua Talbot, security intelligence manager of Symantec Security Response said. "As usual, we strongly recommend users only open email attachments from people they know."

The patch batch also included, MS12-2006, a fix -- held over from last month -- for a vulnerability that could be exploited by Browser Exploit Against SSL/TLS (BEAST), a JavaScript hacking tool disclosed in September at a security conference in Argentina, which can decrypt HTTPS requests and encrypted cookies.

Wolfgang Kandek, chief technology officer at Qualys, said the patches should be installed immediately because attackers could easily launch exploits. Users might not think twice about running a malevolent music or Office file.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

U.S. under cyber attack, losing ground to adversaries

In testimony to a Senate committee, cyber experts said the U.S. has fielded 600,000 attacks this year.

Researchers in China work on facial recognition payment app

The app is expected to be launched next year.

Mobile app study reveals privacy concerns

Mobile app study reveals privacy concerns

Of the more than 1,200 mobile apps that were assessed in a recent study, 75 percent requested one or more permissions.