Microsoft issues seven security patches, BEAST fix included

Share this article:

Microsoft on Tuesday released seven security fixes, including one cited as “critical," to correct eight vulnerabilities.

None of the patches addressed major, ongoing attacks, but several were notable because Microsoft identified them as fixes that address issues that are easy to implement and capable of executing malware remotely.

The "critical" patch, MS12-004, fixes a Windows Media Center vulnerability that allows a remote attacker to gain access to a system if a user opens a malicious file. The bug extends across all Windows versions.

Experts also pointed to bulletin MS12-005, which was graded "important," but can lead to remote code execution due to a Windows weakness that allows an attacker to run malware as soon as a user opens a file that contains a malicious, embedded ClickOnce application.

"Email attachments will probably be the most common attack method in which this vulnerability is exploited," Joshua Talbot, security intelligence manager of Symantec Security Response said. "As usual, we strongly recommend users only open email attachments from people they know."

The patch batch also included, MS12-2006, a fix -- held over from last month -- for a vulnerability that could be exploited by Browser Exploit Against SSL/TLS (BEAST), a JavaScript hacking tool disclosed in September at a security conference in Argentina, which can decrypt HTTPS requests and encrypted cookies.

Wolfgang Kandek, chief technology officer at Qualys, said the patches should be installed immediately because attackers could easily launch exploits. Users might not think twice about running a malevolent music or Office file.

Share this article:

Sign up to our newsletters

More in News

Hackers target video game companies to lift copy protections and develop cheats

A threat group is targeting video game companies in order to lift DRM protections, develop cheats and possibly to steal source code.

Android malware spreads via mail tracking SMS spam

The mobile malware is currently targeting German users, McAfee revealed.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

About 2,800 victims of worldwide info-stealing campaign targeting ...

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."