It's a new year and already the first Patch Tuesday of Microsoft's
monthly Windows update schedule has come and gone. If you ignored the update notification sitting your system tray, take a moment to let Windows Update do its thing, and as a reward for kicking procrastination to the curb, Microsoft will get rid of a BEAST that resides on your system.
We're not being dramatic, that's in reference to a so-called BEAST SSL security flaw that's among the many patches contained in the seven bulletins for the first Patch Tuesday of 2012. All but one are labeled "Important," and the remaining bulletin -- MS12-004 -- earned a "Critical" designation from Microsoft because of two possible Remote Code Execution vulnerabilities in Windows Media.
"This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file," Microsoft said in its security bulletin for January 2012. "An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Microsoft issued 100 security bulletins in 2011, and with 7 more in the first month of 2012, Microsoft could challenge that number by the end of the year.