Microsoft Patch Tuesday Issues Updates, Takes A Do-Over4:54 PM EST Tue. Oct. 09, 2012
This month's Microsoft Patch Tuesday features seven security bulletins, one of which is rated critical and could potentially expose machines to remote code access from the Outlook preview pane, but the company is also dealing with a glitch that will cause at least four patches to be re-issued because of a certificate problem.
According to Microsoft, a clerical error caused a subset of binaries processed by the PRSS lab between June 12 and Aug. 14 to be digitally signed with a flawed time stamp that will cause the digital signature to become prematurely invalid. Microsoft will therefore re-sign and redistribute all of the affected files and packages.
The Redmond, Wash.-based company has already re-released MS12-053, MS12054, MS12-055 and MS12-058. Additional replacements are likely to be forthcoming. All customers are advised to apply the re-released updates as soon as they become available.
In terms of new patches for October, the highlight is MS12-064, which is intended to resolve two privately reported vulnerabilities in Microsoft Office, one of which could enable remote code execution through a malicious RTF file. User rights play a significant role in this exploit, according to Lamar Bailey, director of security research and development at nCircle.
"If you are logged in as a lower-privileged user, then there's not a lot that the attacker can do," he said. "But if your login is admin, then they have total control of your system. But even if the user has the ability to install programs, that's usually all it would take."
Bailey added that in some cases it may be advisable to turn off preview panes.
RTF files are useful to hackers because of their ability to pass through security features common to most systems.
"Outlook 2007 uses Word by default to read emails, so there could be a potential fishing expedition by hackers with malicious RTF documents," said Jason Miller, manager of research and development at VMware. "RTF documents are usually not blocked by email servers. So, these could flow into your user's inbox."
NEXT: 'Important' Patches For SQL Server, Microsoft Works, And More
Remaining patches are listed as "important" and close vulnerabilities in SQL Server, Microsoft Works, Kerberos and SharePoint. Two of the bulletins address additional concerns such as HTML sanitization and a vulnerability in the Windows kernel that could enable elevation of privilege.
"Look at the products that are being patched and then prioritize based on what's running on your network," advised VMware's Miller. "If you're a heavy SQL user, you could easily be vulnerable to a cross-site scripting attack, so that might be one that you move to the front of the line."
According to Paul Henry, security and forensic analyst at Lumension, Microsoft appears to be making headway in its ongoing drive to enhance OS security. He ties this improvement to the company's Secure Coding efforts.
"If you look at the numbers, last year at this time we had well over 80 patches; this year to date, we are at 70. So, that's a nice drop overall," he said. "Critical issues plaguing their operating systems seem to have dropped off. I hope it's not just a skew in the numbers.
"Shortly after XP, Microsoft really started to drill down hard on security," he continued. "They went overboard in many respects with Vista, and it began to impact user experience. So, they backed up and regrouped with Windows 7, which is really Vista Two. So, it looks like they're getting their ducks in a row."
PUBLISHED OCT. 9, 2012