Microsoft Windows Malicious Software Removal Tool (MSRT) January '12 Update Cleans Win32/Sefnit

Microsoft released its first monthly security bulletin of January on Jan 10, 2012, to resolve critical vulnerabilities. You can view the Jan 2012 update overview video in our blog post titled "January 2012 Patch Tuesday Update Overview Video."

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center.

The January 2012 edition of the MSRT includes detection and removal of the Win32/Sefnit family of trojans. This trojan family moderates and redirects web browser search engine results for Bing, Yahoo! and Google.

"Variants of Sefnit employ the use of a Nullsoft Scriptable Install System (NSIS) dropper to install an obfuscated dynamic link library (DLL) component. The component is executed by the dropper by using "rundll32.exe" and also will execute during Windows logon.

The obfuscation technique used has changed from the "spaghetti-style" of numerous unconditional branches between small islands of code to one that is "in plain sight".

Once this component of Sefnit is installed, it attempts to perform browser search result redirection for Bing, Yahoo and Google search engines. Win32/Sefnit is often installed by different exploit kits such as "Blackhole" (detected as Blacole), or distributed on file sharing networks with enticing "keygen" or "crack" styled file names," MSRT explains.
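The logon-time "rundll32.exe" launch described above is a pattern defenders can triage in autorun listings. The following is an added example, not code from Microsoft or from the original post: the directory lists, the `triage_autoruns` helper and the sample autorun entries are assumptions constructed for illustration, and the check is a generic heuristic for this launch pattern, not a Sefnit signature.

```python
import re
from pathlib import PureWindowsPath

# Assumed policy, tune per environment: where a logon-time rundll32 target is expected.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64",
                r"%systemroot%\system32", r"%windir%\system32"}
# Assumed markers of locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "%appdata%",
                 "%localappdata%", "%temp%")

# [path\]rundll32[.exe] <dll>,<entry point>; the DLL path may be quoted.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^",]+?))\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE)

def triage_autoruns(entries):
    """Return (name, dll, entry_point, verdict) for rundll32 autoruns worth review."""
    findings = []
    for name, command in entries:
        m = RUNDLL32_RE.match(command)
        if not m:
            continue                      # autorun does not go through rundll32
        dll = (m.group("quoted") or m.group("bare")).strip()
        lowered = dll.lower()
        parent = str(PureWindowsPath(lowered).parent)
        if parent == "." or parent in TRUSTED_DIRS:
            continue                      # bare name (search path) or system directory
        if any(marker in lowered for marker in USER_WRITABLE):
            verdict = "user-writable location"
        else:
            verdict = "outside system directories"
        findings.append((name, dll, m.group("entry"), verdict))
    return findings

# Constructed autorun entries (value name, command line); none come from the page.
SAMPLE_AUTORUNS = [
    ("Themes", r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ("Updater", r'"C:\Program Files\Vendor\updater.exe" /background'),
    ("mediasvc", r'rundll32.exe "C:\Users\alice\AppData\Local\mediasvc\msv.dll",Start'),
    ("helper", r"rundll32 C:\ProgramData\helper\hlp.dat,#1"),
    ("Vendor", r'rundll32.exe "C:\Program Files\Vendor\tray.dll",Init'),
]

if __name__ == "__main__":
    for finding in triage_autoruns(SAMPLE_AUTORUNS):
        print(finding)
```

Entries flagged "outside system directories" are often legitimate vendor components and need a signature or reputation check before any action is taken.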

You can download and get more information on the Microsoft Windows Malicious Software Removal Tool here.

Microsoft released the following seven new security bulletins for newly discovered vulnerabilities:

  • MS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) - Important - Security Feature Bypass - Requires restart
    Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
  • MS12-002: Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) - Important - Remote Code Execution - May require restart
    Microsoft Windows XP and Windows Server 2003.
  • MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) - Important - Elevation of Privilege - Requires restart
    Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
  • MS12-004: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Critical - Remote Code Execution - Requires restart
    Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
  • MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) - Important - Remote Code Execution - May require restart
    Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
  • MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Important - Information Disclosure - Requires restart
    Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
  • MS12-007: Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Important - Information Disclosure - May require restart
    Microsoft Developer Tools and Software

The January Public Update released for Office is now live and available for download. This release contains 4 non-security updates, and provides current definitions to the Junk Email Filter in Microsoft Office Outlook 2007, 2010 and 2003:

  • Update for Microsoft Office 2007 suites (KB 2596686) 32-Bit Edition
  • Definition Update for Microsoft Office 2010 (KB 982726) 32-Bit Edition
  • Definition Update for Microsoft Office 2010 (KB 982726) 64-Bit Edition
  • Update for Microsoft Office Outlook 2003 Junk Email Filter (KB 2597098)