January 2012 Patch Tuesday to feature critical fix for Windows Media Player


In the very first Patch Tuesday for the 2012 year, Microsoft has released several bulletins that fix eight security vulnerabilities in various versions of Windows, and a fix that addresses a flaw in Windows Media Player that could allow an attacker to remotely execute code.

Of the patches, Microsoft is releasing a Critical patch that fixes security vulnerabilities when a user plays a MIDI file or streams videos using Windows Media Player. Microsoft is expecting and warning users that this flaw will become popular among hackers within the next 30 days and users must treat this with the “utmost priority.”

Microsoft will also be providing a fix to a “Security Feature Bypass” flaw, which is explained by a security analyst as “binary code compiled with a version of the Microsoft C++ .NET compiler that did not have all the security protections enabled.”

Microsoft is also adding a fix for the BEAST vulnerability. “BEAST was first demonstrated at the September 2011 Ekoparty conference in Buenos Aires and is a crypto attack against SSL/TLS that allows the attacker to decode and eavesdrop on HTTPS sessions. If you did miss the MS11-100 release over the holidays, now is a good time to take the opportunity to bundle both together. Tools for triggering MS11-100 are actively being researched and are very simple to build, meaning that they will soon get added to the common DoS tools,” security analyst Wolfgang Kandek stated in a statement.

This months Patch Tuesday will apply to all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2.