Microsoft Security Updates – January 2012: http://technet.microsoft.com/en-us/security/bulletin/ms12-jan
ISC Analysis (Two client vulnerabilities are rated as PATCH NOW): http://isc.sans.org/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361
QUOTE: Today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing first on the sole critical update:
- MS12-004 (Windows Media Player): Vulnerabilities in Windows Media Player Could Cause Remote Code Execution. This bulletin – the only one in January’s set to include multiple CVEs – addresses two issues that could arise if a would-be attacker sent a malicious MIDI or DirectShow file to a targeted user. Both of these issues were cooperatively disclosed to Microsoft, and we know of no active exploitation in the wild. Still, we recommend that customers read through the bulletin information concerning MS12-004 and apply it as soon as possible.