Another Patch Tuesday has come and gone, with Microsoft releasing a total of seven security bulletins that address 23 security vulnerabilities. Three of these are classified as "critical" while the remaining four are dubbed "important." Chief among the critical ones is bulletin MS12-034, which provides a number of updates for the .NET Framework, Office, Silverlight, and Windows.
Microsoft suggests that IT administrators deploy two of the most critical updates (MS12-034 and MS12-029) immediately. The former patches a vulnerability that could allow someone to remotely access a user's machine, while the latter "addresses one critical issue affecting Microsoft Office that could result in remote code execution." You can read more details about the updates on the Microsoft Security Response Center Blog.
Wolfgang Kandek, CTO of security vendor Qualys, offers up some excellent detail on why the MS12-034 update is a particularly important one.
"In December of 2011 Microsoft issued bulletin MS11-087, which patched a vulnerability in the TrueType Font handling in win32k.sys DLL that had actively been exploited by the Duqu malware. After the fix was delivered, Microsoft's internal security team started an effort to identify further occurrences of the vulnerable code in Microsoft's other software packages and found multiple products that contained the flawed code. MS12-034 now provides the patches necessary to address these 'Sons of Duqu vulnerabilities,' together with a number of other security fixes (9 CVEs) that were bundled into the same files."
You can read Wolfgang's full post on the update over at the Qualys "Laws of Vulnerabilities" blog.
So what other security concerns will be keeping you up at night in 2012? Feel free to add a comment to this blog post or contribute to the discussion on Twitter.