Microsoft finally vanquishes the BEAST-related bug

A Windows patch today fixes eight bugs, including Internet encryption weakness and a critical Windows Media Player hole.

A Microsoft Windows update today fixes a weakness in the protocols used to secure e-commerce sites, which was first exposed by researchers using a tool they dubbed "BEAST."

Microsoft planned to release the BEAST (Browser Exploit Against SSL/TLS)-related patch last month, but had to pull it because it created compatibility issues with SAP software. Researchers had demonstrated the vulnerability using BEAST in September, prompting fears that attackers would use the tool to snoop on protected Internet sessions in what is called a "man-in-the-middle" attack. MS12-006 patches a hole in the Secure Sockets Layer and Transport Layer Security protocols.

The seven bulletins in Microsoft's Patch Tuesday release fix eight vulnerabilities and only one bulletin is rated "critical" -- MS12-004. It plugs two holes in Windows Media Player that could allow an attacker to take over a computer by sending a malicious MIDI or DirectShow file to a targeted user. More details are available at the Microsoft Technet blog.

The security bulletin summary for January also includes MS12-001 to address a security feature bypass flaw, a new category of issues that can't be directly exploited by an attacker, but which an attacker could use to facilitate use of another exploit.

Meanwhile, Adobe released updates today for Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh to resolve critical security issues.

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Catwalk contraptions: High-tech couture of 2014 (pictures)
The most anticipated games of 2015
Tech industry's high-flying 2014
Uber's tumultuous ups and downs in 2014 (pictures)
The best and worst quotes of 2014 (pictures)
A roomy range from LG (pictures)