In the Microsoft Security Bulletin Summary for February 2012, Microsoft released nine bulletins to address 20 vulnerabilities. Instead of love on Valentine's Day, organizations may have fear pumping through their hearts when the recent news of several high-profile breaches is coupled with Patch Tuesday.
There are four bulletins rated “critical”, and they will likely affect all organizations. The critical bulletins are MS12-008, MS12-010, MS12-013, and MS12-016, which are all related to browsers and media players and are the most likely to result in a compromise via end-user interaction. All the critical bulletins are primed for phishing attacks, which can result in a complete compromise of the users’ and organizations’ data.
MS12-008 is a Windows Kernel-Mode Driver bug that can be exploited when a user visits a malicious website or when a specially crafted application is run locally. Microsoft advises that there is likely exploit code already available for MS12-008.
MS12-010 is an Internet Explorer cumulative patch that addresses vulnerabilities that could result in remote code execution. MS12-016 is related to the Microsoft Silverlight media player, which can also be exploited remotely when a user visits a malicious web page. MS12-013 is a vulnerability that can be exploited when a user opens a specially crafted media file.
Organizations should expect the trend of web browser and media player exploits to continue. Regardless of announced vulnerabilities, organizations should enforce policy and processes that reduce risk related to browser and media player exploits. The problem with browser and media player compromises is that the end-user is unaware that they have been compromised, which can lead to the kinds of long-term breaches we see reported in the news these days.
There are also five “important” bulletins in this patch cycle. Of these, MS12-015 will allow remote code execution if someone opens a malicious Visio file. Visio is usually used by system administrators and network administrators, so compromising Visio users could be very rewarding for an attacker.