News

January 2012 Patch Tuesday: Microsoft to fix eight flaws in Windows, developer tools

SearchSecurity.com Staff

Microsoft plans to address eight vulnerabilities Jan. 10 as part of its regularly scheduled Patch Tuesday round of security updates.

In its January 2012 Advance Notification issued today, Microsoft said it would release

    Requires Free Membership to View

seven bulletins, one rated “critical,” repairing coding errors across its product line. The security updates address issues in Microsoft Windows and Microsoft developer tools and software, Microsoft said.

The bulletins address a variety of flaws that could enable remote code execution and an escalation of privileges. One of the flaws, rated “important,” addresses a security feature bypass, which could be used by an attacker to exploit another error. Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, said detailed analysis of the security feature bypass would be made available on Tuesday.

Microsoft issued an out-of-band security update Dec. 29, addressing four serious vulnerabilities in the .NET Framework. Among the fixes in the out-of-band update was a repair to block hash collision attacks on ASP.NET Web applications. The attacks could cause systems to freeze up.

The update was prompted by a presentation at the Chaos Communications Congress in Berlin where two researchers identified ways to exploit the error, which can be found in a variety of Web programming languages. The researchers say development frameworks should have randomized hash functions to prevent the problem.

~Robert Westervelt


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: