For IT managers, January will mean patching. Microsoft usually keeps quiet in January, but has issued seven security bulletins for eight vulnerabilities.One of those is a critical remote code execution vulnerability in Media Player, although for users of Windows 7 and Windows 2008 R2 its severity is downgraded to 'important.'The remaining bulletins are ranked as important. One of those covers the BEAST SSL flaw highlighted by researchers last year.
Researchers found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could have undermined the security credentials of the SSL cryptographic protocol and affected millions of sites. However, little emerged from the discovery.
"Bulletins three and five, while rated 'important' both involve Remote Code Execution, most likely through a specifically crafted input file to one of the Windows standard programs and should also be high on your list of bulletins to look at," recommended Wolfgang Kandek, CTO of Qualys.
"Bulletin two stands out as it is tagged as 'Security Feature Bypass,' which is a new category. Next Tuesday it will be interesting to see which exact Windows features are involved and how this vulnerability can be used by attackers."
Adobe will join Microsoft in issuing updates today. It will address critical flaws in Reader and Acrobat.
"These updates will include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows," Adobe said in its advisory.
Oracle is also due to issue its quarterly security update on 17 January, making it a busy month of patching for IT managers.
Copyright © ITPro, Dennis Publishing
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.