Today, Microsoft released its monthly collection of security updates that are colloquially known as ‘Patch Tuesday.’ In the package, the first for 2012, are a total of 7 bulletins, only one of which is rated as ‘Critical.’
As per usual, the rest of the updates are demarcated as ‘Important.’ The seven updates address eight vulnerabilities in various Microsoft products. The critical update deals with Windows Media Player (which someone, somewhere must still use). This is Microsoft description of the issue:
MS12-004 (Windows Media Player): Vulnerabilities in Windows Media Player Could Cause Remote Code Execution. This bulletin – the only one in January’s set to include multiple CVEs – addresses two issues that could arise if a would-be attacker sent a malicious MIDI or DirectShow file to a targeted user. Both of these issues were cooperatively disclosed to Microsoft, and we know of no active exploitation in the wild. Still, we recommend that customers read through the bulletin information concerning MS12-004 and apply it as soon as possible.
Other fixed issues involve the Windows .NET packager and the BEAST issue (delayed in last month’s package). Full details can be found here, and a rigorous analysis can be read here. We don’t want to smash your head in with details, as in this case they are a bit numbing. To make things brighter, here’s a visual breakdown:
Wasn’t that fun? Windows users: get ready for some new code. Everyone else: why are you reading this?
CES is going on, and TNW is on the ground. Be sure to have at least one eye fixed on our coverage.