Of the six bulletins this month, there are two that stand out: MS12-004 and MS12-006. MS12-004 is a "critical" security bulletin that addresses a vulnerability in Windows Media Player, and MS12-006 patches the flaw exploited by BEAST attacks. MS12-006 was originally slated for the December 2011 Patch Tuesday, but was pulled at the last minute due to conflicts.
The headline is certainly attention-grabbing, and it wasn't the only article on Patch Tuesday to use "BEAST attacks" in the headline. (The irony is that BEAST isn't as bad a problem as the headlines would have you believe.)
And then there is Microsoft's new threat classification, Security Bypass Feature. This new classification involves exploits that, alone, aren't threats, but if they are combined with another attack that bypasses a security feature, well, then it could get ugly. Or as Marcus Carey, security researcher at Rapid7, explained to me:
"In this case it essentially patched legacy third-party .Net applications. MS12-001 is the first bulletin to be classified this way and I doubt we'll see this category used very often. Structured Exception Handler Overwrite Protection (SEHOP) has been in place effectively since the XPSP2 timeframe and all .Net versions since that time automatically opt binaries into SEHOP protections."
But all in all, the real takeaway from this first Patch Tuesday of 2012 is the fix in MS12-004. As Carey said:
"Exploiting this vulnerability would allow remote code execution and this should be of top concern for both companies and private users. This vulnerability can be exploited by embedded malicious Windows Media Players in web pages."
Carey also said this vulnerability should serve as a reminder that we should expect researchers and attackers to continue to exploit client applications such as media players and browsers.