First Patch Tuesday of 2012

In the first “Patch Tuesday” of 2012, Microsoft is releasing seven security bulletins to address software issues an attacker could use to remotely exploit and take control of infected Windows systems.  Patch Tuesday occurs on the second Tuesday of each month and on that day Microsoft releases security patches to fix vulnerabilities found in their products.

The following table summarizes the security bulletins for this month in order of severity.

Bulletin IDMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected SoftwareBulletin 1Critical
Remote Code ExecutionRequires restartMicrosoft WindowsBulletin 2Important
Security Feature BypassRequires restartMicrosoft WindowsBulletin 3Important
Remote Code ExecutionMay require restartMicrosoft WindowsBulletin 4Important
Elevation of PrivilegeRequires restartMicrosoft WindowsBulletin 5Important
Remote Code ExecutionMay require restartMicrosoft WindowsBulletin 6Important
Information DisclosureRequires restartMicrosoft WindowsBulletin 7Important
Information DisclosureMay require restartMicrosoft Developer Tools and Software

Table 1 – Table Summarizes the Security Bulletins

We are hoping this month’s patches with address the Browser Exploit Against SSL/TLS or the BEAST that seemed to have been canceled last month due a third-party vendor who reported compatibility issues with the patch

Updates for other security issues are available from the following locations:

• Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for “security update”.
• Updates for consumer platforms are available from Microsoft Update.
• You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

If you are interested in learning more on how to improve security and optimize your IT infrastructure, and  would like to participate with other IT Pros on security topics check out the IT Pro Security Community.

Also strengthening its software is Adobe, which on Jan. 10th released critical updates for Adobe Reader X and Adobe Acrobat X and Google, which recently released Chrome version 16.0.9212.75, fixing three high-priority bugs in the Web browser.