Microsoft ended 2011 with a late out-of-band patch that took the total number of security bulletins in the year to 100. If the first Patch Tuesday of 2012 is anything to go by, the software giant may not have too much trouble going past last year’s patch tally. The year’s first Patch Tuesday delivered seven vulnerabilities, one more than the last three January Patch Tuesdays combined.
The seven bulletins, which are all rated “important” save for one “critical” security update, are meant to plug eight holes in all. The update with the highest severity rating, MS12-004, patches two privately reported flaws in Windows Media, which if exploited using a malicious media file could allow remote code execution.
The year’s first consignment of security updates from Microsoft also includes a fix for the BEAST SSL flaw, which was originally scheduled to arrive in December but had to be postponed. “This vulnerability [in SSL 3.0 and TLS 1.0] affects the protocol itself and is not specific to the Windows operating system,” reads Microsoft’s summary of the vulnerability. “The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.”
More information about the security updates delivered by Microsoft on Tuesday and the vulnerabilities addressed by them is available here.