Here comes the first batch of security updates in 2012, total 7 of them. Microsoft is also hosting a webcast to address your questions on these bulletins on Jan 11, 2012 here.
MS12-0001 – Vulnerability in Windows Kernel that could allow security feature bypass.
Summery: Only software application that were compiled using Microsoft Visual C++ .Net 2003 can be used to exploit this vulnerability.
MS12-0002 – Vulnerability in Windows Object Packager that could allow remote code execution
Summery: The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
MS12-0003 – Vulnerability in Windows Client/Server run-time subsystem that could allow elevation of privilege
Summery: All editions of Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability.
MS12-0004 – Vulnerability in Windows Media that could allow remote code execution
Summery: The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user.
MS12-0005 – Vulnerability in Microsoft Windows that could allow remote code execution
Summery: The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
MS12-0006 – Vulnerability in SSL/TLS that could allow information disclosure
Summery: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system.
MS12-0007 – Vulnerability in AntiXSS Library that could allow information disclosure
Summery: The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library.
That’s it. Because pretty much all these updates require system restarted after installed, don’t be surprise if you leave your computer on tonight and only found it’s in login window tomorrow morning.
If you don’t have Windows Update set up to install updates automatically, you should manually launch Windows Update and install these updates to keep your system secure and up-to-date.
