Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Advance Notification for January 2013

If you were hoping for a nice relaxing Patch Tuesday afterthe holidays, well, sorry to disappoint you. Microsoft will be issuing seven new bulletinsnext week, two of them are rated as 'Critical'. Both critical bulletins canresult in the holy grail of remote code execution. The other five bulletins are all rated as'Important'.

Of the two critical bulletins one of them lists allcurrently supported versions of Windows from XP SP3 up to Server 2008 R2 aswell as several versions of Office, Sharepoint and Groove Server. This is mostlikely an issue in one of the base libraries meaning it will have a wideimpact. The other critical bulletin onlylists Windows 7 and Server 2008 as vulnerable but it still results in RCE so itshouldn't be taken as any less serious.

The five remaining 'Important' bulletins result mostly inElevation of Privilege with one Security Feature Bypass and one Denial ofService. Six of them impact different versions of Windows and Windows Serverwith one Elevation of Privilege hitting Microsoft System Center OperationsManager. The MS SCOM is a cloud management platform allowing you to managemultiple hypervisors.

In addition to these you have probably heard of the zero-dayvulnerability that exists in Internet Explorer 6, 7 and 8 that is activelybeing used in targeted attacks. While the update for the zero-day won't be included in this month's bunch of updates, Microsoft has already released a Fix-It tool for it.

But that's not all, there are also active ongoing attacksusing fraudulent certificates issued by TURKTRUST inc. The fraudulent certs were issued for*.google.com and could be used to spoof content, perform phishing attacks, orperform man-in-the-middle attacks against several Google web properties. Microsofthas already updated the Certificate Trust List. If you are using the automaticupdater of revoked certificates you are all set. If not, or you are still usingXP or Server 2003, you will find an update for you in Microsoft Update.

We will have full details of all seven bulletins nextTuesday when Microsoft releases the full details.