Media Player, security bypass are focus of Microsoft's first Patch Tuesday of 2012

Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched.

By Colin Neagle, Network World
January 10, 2012 03:44 PM ET

Network World - Seven bulletins, one deemed critical, and a handful of new Microsoft security issues all arrived today as part of Microsoft's first Patch Tuesday of 2012.

Although Microsoft tied a previous high for bulletins issued in January, Qualys CTO Wolfgang Kandek isn't so concerned about large numbers. The growing number of Microsoft products being used in the wild naturally drives up the number of security bulletins the company will have to issue to protect them, he points out. Larger patches may soon become a more common occurrence.

"Microsoft has new products to cover every year, so they're adding more potential platforms that they have to cover," Kandek says. "There are kind of two different forces. One is they're getting better at fixing and finding vulnerabilities earlier in the development cycle, so they're not even released. And on the other hand they have to deal with more products. So I don't read too much into that big of a volume."

On an individual level, the patch also answered a few questions that arose following Microsoft's advance notification issued last Thursday, the most pressing of which involved what Microsoft meant by "Security Bypass Feature." It was the first time Microsoft used the term, and it caused many to question what it could entail.

The security bypass feature, which describes the type of vulnerability addressed in Bulletin MS12-001, involves a feature designed to detect any mistakes or errors in a given program. The vulnerability can be used to facilitate another attack by disabling a feature designed to alert the system that an attack was occurring.

Amol Sarwate, director of Vulnerability Labs for Qualys, compared the security bypass feature to a home alarm system.

"If the bolt on the door is not good and anyone can crash through it, this is basically like the alarm system that goes off if you kick through the bolt," Sarwate says.

Because Microsoft has brought the security bypass feature to light, Kandek believes researchers may start exploring the possibility of similar vulnerabilities in other features.

While the issue with the security bypass feature may be the most intriguing, several researchers deemed the vulnerability in Windows Media Player the most important, as its critical rating denotes. The issue involves the MIDI file format, which is used to detect musical instruments on Windows Media Player. Microsoft's bulletin patches an exploit through which hackers can take control of a computer that has opened a MIDI file.

"So if I could trick you to play a file like that, you might just go to a website and listen to some MIDI music, then I would be able to plant a controlled program on your computer that way," Kandek says. "It can be used for email and it could also send you a link. And you just have to play it, you don't have to do anything, you don't have to execute anything or install anything. So it makes that one kind of interesting for an attacker."
