Patch Tuesday Fixes Media Player Vulnerability and a BEAST

Sue Marquette Poremba

Microsoft welcomed 2012 with its first Patch Tuesday, and it brought one of the best Patch Tuesday headlines I've seen. PC World announced that "Microsoft Slays the BEAST." As PC World explained:

Of the six bulletins this month, there are two that stand out: MS12-004 and MS12-006. MS12-004 is a "critical" security bulletin that addresses a vulnerability in Windows Media Player, and MS12-006 patches the flaw exploited by BEAST attacks. MS12-006 was originally slated for the December 2011 Patch Tuesday, but was pulled at the last minute due to conflicts.

The headline is certainly attention-grabbing, and it wasn't the only article on Patch Tuesday to use "BEAST attacks" in the headline. (The irony is that BEAST isn't as bad of a problem as the headlines would have you believe.)


And then there is Microsoft's new threat classification, Security Bypass Feature. This new classification involves exploits that, alone, aren't threats, but if they are combined with another attack that bypasses a security feature, well, then it could get ugly. Or as Marcus Carey, security researcher at Rapid7, explained to me:

In this case it essentially patched legacy third party .Net applications. MS12-001 is the first bulletin to be classified this way and I doubt we'll see this category used very often. Structured Exception Handler Overwrite Protection (SEHOP) has been in place effectively since the XPSP2 timeframe and all .Net versions since that time automatically opt binaries into SEHOP protections.

But all in all, the real takeaway from this first Patch Tuesday of 2012 is the fix to MS12-004. As Carey said:

Exploiting this vulnerability would allow remote code execution and this should be of top concern for both companies and private users. This vulnerability can be exploited by embedded malicious Windows Media Players in web pages.

Carey also said this vulnerability should serve as a reminder that we should expect researchers and attackers to continue to exploit client applications such as media players and browsers.

Add Comment      Leave a comment on this blog post
Jan 11, 2012 7:18 AM Deck Contractor Deck Contractor  says:

I think being over the top is amusing and informative. Pretty good for their first patch of the year.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.