The January 2012 Microsoft “Patch Tuesday” starts the new year with a bang, seven security bulletins covering eight separate vulnerabilities.

The first six bulletins affect various versions of the Windows Operating System, from XP SP3 to Windows 7, and Windows Server 2008 R2. The seventh bulletin covers Microsoft Developer Tools.

Bulletin one is rated as 'critical' in Windows XP and should be considered the priority.  In Windows 7 and Windows Server 2008 R2, severity is downgraded to 'important'.

Bulletins three and five, while rated 'important' both involve Remote Code Execution, most likely through a specifically crafted input file to one of the Windows standard programs and should also be high on your list of bulletins to look at.

Bulletin two stands out as it is tagged as 'Security Feature Bypass', which is a new category. No other information has been provided.

Please be also aware that both Adobe and Oracle will release their quarterly updates this month as well, on January 10th and January 17th respectively. Parts of Adobe's release will cover CVE-2011-4369 in Adobe Reader X, which they had addressed for Adobe Reader 9 out-of-band due to exploits in the wild on December 16th.

Bottom line: Keep your computers and servers on overnight to receive the updates, and reboot tomorrow morning.

Also, when Adobe Reader gives you a message about updates on Jan 10 and 17, please click “OK”.

Greg Allen
Active Technologies, LLC
www.active-technologies.com
gallen@active-technologies.com
843-225-5648