Happy Valentine’s Day, and welcome to February MS Patch Tuesday.  Among the roses, chocolates, and candy hearts, this week you’ll find 9 MS patches, addressing 21 new vulnerabilities.  Four of the vulnerabilities are classified as Critical by Microsoft, with the remaining five classified as Important.   This month’s MS patches include the following:

 

  • (MS12-008) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
  • (MS12-009) Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
  • (MS12-010) Cumulative Security Update for Internet Explorer (2647516)
  • (MS12-011) Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
  • (MS12-012) Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
  • (MS12-013) Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
  • (MS12-014) Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
  • (MS12-015) Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
  • (MS12-016) Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)

 

The patches address gaps in an assortment of MS applications and OS services.  Four of the 21 vulnerabilities had been previously disclosed in public forums, but none have been actively exploited in the wild.  While several could be exploited by an attacker to achieve remote code execution, the most worrisome is MS12-010, which fixes 4 vulnerabilities in Internet Explorer.

 

Internet Explorer continues to be one of the most dangerous pieces of software in history: patched 4 times in 2010, 5 times in 2011, and once so far this year.  The web today calls for comprehensive layers of security, starting with strong protection in the browser itself, and extending to reputation and behavioral techniques on the network.  While none of these alone is perfectly effective, our experience dissecting persistent attacks over the last year shows that the combination is very powerful.

 

McAfee’s coverage for this month’s vulns is excellent:

 

  • McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 8 out of 21 vulnerabilities this month.
  • McAfee Host Intrusion Prevention is expected to provide protection against exploits of 12 out of 21 vulnerabilities this month.
  • McAfee Application Control is expected to provide protection against exploits of 11 out of 21 vulnerabilities this month.
  • McAfee's Network Security Platform has new signatures confirmed to protect against exploits of 16 out of 21 vulnerabilities this month.
  • McAfee Vulnerability Manager and Policy Auditor will very shortly have content to assess whether your systems are exposed to any of these new vulnerabilities.

 

Additional research is being performed on a couple of the vulnerabilities, and coverage may improve over time.  As more details become available, you’ll find them on the McAfee Threat Center.

 

Happy patching!

 

Scott