Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: Microsoft Security Bulletin Summary for October 2012

by: Carol~ October 9, 2012 10:35 AM PDT

Like this

0 people like this thread

Staff pick

Microsoft Security Bulletin Summary for October 2012

by Carol~ Moderator - 10/9/12 10:35 AM

Microsoft Security Bulletin Summary for October 2012

Published : October 09, 2012

Microsoft released 7 new security updates today, as part of their routine monthly security update cycle. As indicated below, one (1) is identified as critical and six (6) as Important. See the following post ("More About the October Security Updates") for additional details.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 1

MS12-064 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

Important: 6

MS12-065 - Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
MS12-066 - Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
MS12-067 - Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
MS12-068 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
MS12-069 - Vulnerability in Kerberos Could Allow Denial of Service (2743555)
MS12-070 - Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

Security Bulletin : http://technet.microsoft.com/en-us/security/bulletin/ms12-oct


Reply
Report offensive post
Email to friend

More About the October Security Updates

by Carol~ Moderator - 10/9/12 10:37 AM

In Reply to: Microsoft Security Bulletin Summary for October 2012 by Carol~ Moderator

From Dustin Childs @ the Microsoft Security Response Center:

As previously mentioned in the Advance Notification blog on Thursday, today we're releasing seven bulletins, one Critical-class and six Important-class bulletins. Before we discuss those releases, let's take a closer look at the Security Advisories we also released today.

Security Advisory 2661254

We began discussing this issue in June, and originally released this advisory in August. Today we're moving the update from being available on the Download Center to distributing it through Windows Update. This is the final step in our move to help folks strengthen their certificates by requiring them to have an RSA key length of at least 1024 bits.

Security Advisory 2749655

The update addresses potential compatibility issues due to a signature timestamp on valid files expiring before it should. This advisory will improve your overall security profile, rather than addressing an issue in a specific product. While there has been no certificate compromise related to this issue, if un-addressed, it could affect your ability to install future updates, including security updates. Dustin Ingalls and Jonathan Ness discuss this issue in further detail on the SRD blog <link>. This update is available through Automatic Updates as well as the Windows Update Catalog and Download Center.

Security Updates

For Update Tuesday, we're releasing seven bulletins that address 20 issues in Microsoft Windows, SQL Server, and Office including SharePoint, Lync, Microsoft Works (which reaches the end of its support lifecycle this week) and InfoPath. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing on the critical update, MS12-064 first:

MS12-064 (Microsoft Word): This security update resolves two issues in Microsoft Office. This bulletin has a severity rating of Critical and can result in remote code execution. Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged- on user if they were to open a specially crafted Rich Text Format (RTF) file or previews or open a specially crafted RTF email message.

Notably, one of the other bulletins, MS12-067, addresses the issue first described in Security Advisory 2737111. While this issue was publicly known, we're not aware of any attacks or customer impact.

Continued : http://blogs.technet.com/b/msrc/archive/2012/10/09/welcome-to-the-1024-bit-world-and-the-october-security-updates.aspx


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close