Patch MS12-027 Now--Zero Day Flaw Being Actively Exploited
Microsoft released six security bulletins for Patch Tuesday, including MS12-027--a Critical fix for a flaw attackers are already exploiting.
PC World - Today is the second Tuesday of April, and that means it's Microsoft Patch Tuesday time. This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild.
Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite--the cumulative update for Internet Explorer. The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls.
Andrew Storms, director of security operations for nCircle, declares MS12-027 is the "deploy now" patch of the month. The Windows Common Controls are widely used throughout the Microsoft ecosystem, so there isn't much that isn't potentially impacted by this one.
Storms adds, "It gets worse: Microsoft has already seen exploits for this vulnerability in the wild in limited attacks."
In a blog post, VMware's Jason Miller explains that the MS12-027 flaw can be exploited by simply visiting a malicious website using Internet Explorer, or by opening a file attachment with an embedded malicious ActiveX control.
Miller agrees with Storms, and emphasizes, "As Microsoft has already seen active exploits against this vulnerability and it contains a Web browsing scenario, it will be critical to push this patch out to your desktop systems as soon as possible."
Wolfgang Kandek, CTO of Qualys, also puts MS12-027 at the top of the priority list. Kandek cautions that not only are exploits already out there in the wild, but malware developers will likely target the vulnerability even more now that they can reverse-engineer the patch.
nCircle's Tyler Reguly warns that the scope of this threat, and the work involved in patching affected applications may be overwhelming for some businesses. He stresses, "This bulletin is a great example of why developers should use shared libraries wherever possible. This should be a simple Windows patch but instead we're seeing every affected application patch the problem independently."
Again, Miller concurs. He says that software developers are going to have to be diligent about reviewing the details of this bulletin and addressing any issues it may present for applications they have written.
Miller clarifies, "Any developer that has released an ActiveX control should review the information for this security bulletin. These developers may need to release updates to their own software to ensure they are not using a vulnerable file in their ActiveX control."
With all of the attention on MS12-027, though, don't lose sight of the fact that there are three other Critical security bulletins to address as well, and Important security bulletins shouldn't be ignored. Review all of the security bulletins and prioritize them to deploy all of the applicable updates as quickly as possible.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts