Patch Tuesday Monthly Security Briefing, January 2012

In this issue:

Microsoft Slays The Beast

1 Critical, 6 Important

Patch Tuesday Security Briefing

In the first Patch Tuesday of 2012, Microsoft has addressed 1 critical issue and 6 important ones. It’s interesting to note that despite all of the media hype over "The Beast", attacks have simply never materialized and the issue has retained its "Important" classification from Microsoft. Overall, we saw a reduction in the number of critical issues from Microsoft in 2011. To that end, we can anticipate that Microsoft will bolster its defense-in-depth efforts and that the number of important issues, such as privilege escalation, will likely increase.

Looking at the details:

  • MS12-004 Critical – Corrects a Media Player issue that could allow remote code execution
  • MS12-001 Important – Corrects a Windows Kernel issue
  • MS12-002 Important – Corrects an Object Packager issue
  • MS12-003 Important – Corrects a CSRSS issue
  • MS12-005 Important – Corrects a .NET issue
  • MS12-006 Important – Slays the Beast by correcting the underlying related SSL/TLS issue
  • MS12-007 Important – Anti-XSS fix

This Patch Tuesday also saw the first use of a new security classification, Security Bypass Feature (SBF). This classification covers issues that are not directly exploitable by themselves but could be used to facilitate an attack using another vulnerability (such as turning off UAC, DEP or ASLR before running another exploit). This first SBF patch enhances Microsoft’s SEHOP (Structured Exception Handler Overwrite Protection) to add additional defense-in-depth...

Join the Beta! L.E.M.S.S. v.7.2

The latest version of our Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) v.7.2 is ready for customer Beta testing. L.E.M.S.S. v.7.2 contains numerous performance improvements, user experience enhancements, and new capabilities in Application Control, Patch and Remediation, and AntiVirus.

Lumension® Patch and Remediation v.7.0 Moves to Extended Support

Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) Patch and Remediation v.7.0 has moved into Extended Support. Service releases and critical hot fixes are no longer planned for L.E.M.S.S. v.7.0. Upgrades are free for customers with a current, active license for Lumension® Patch and Remediation. To learn more about the migration of your systems to L.E.M.S.S. v.7.1, visit the Lumension Upgrade Center.

FREE Security Tools

  • Application Scanner – Discover all applications running on your network
  • Device Scanner – Discover every removable device ever connected to your endpoints
  • Vulnerability Scanner – Discover all OS and application vulnerabilities on your network

Bulletins

» Critical

MS12-004   Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

» Important

MS12-001   Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
MS12-002   Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
MS12-003   Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
MS12-005   Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
MS12-006   Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
MS12-007   Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Updates Outside of Microsoft

Outside of Microsoft, here are the updates since the beginning of December:

Adobe Security Content (45 bulletins)

Mozilla Security Content

Real Networks Security Content

Some additional items of note:

  1. Microsoft released MS11-100 as an Out-Of-Band Security Bulletin on December 29, 2011 related to a .NET Framework Critical Vulnerability
  2. Mozilla continues to be disruptive to the enterprise as it plans to release Firefox 10 on January 31, 2012, after just releasing Firefox 9 on December 20, 2011
  3. Adobe is planning to release APSB12-01 on January 10, 2012, with a plan to release fixes for Reader X v10.1.1 and Acrobat X v10.1.1

State of the Endpoint
The Ponemon Report

Read the 2012 State of the Endpoint study sponsored by Lumension® and conducted by Ponemon to find out how a reliance on productivity tools, without proper collaboration and resources, is creating a perfect storm for hackers.

Webcast
Greatest IT Security Risks in 2012
January 17, 11am ET

Join this webcast as we reveal statistics on growing insecurity, IT’s perceived areas of greatest risk for 2012, and a significant disconnect between risk and planned security strategies.

Security Forum
2012 Endpoint Security Trends Podcast

A new year brings a new IT security landscape. Lumension asked three experts to make their predictions and offer practical steps on what to do next. Find out what IT professionals can be doing to prepare.
