Microsoft Patch Tuesday Issues Updates, Takes A Do-Over

By Ken Presti
October 09, 2012 4:54 PM ET

Page 1 of 2

This month's Microsoft Patch Tuesday features seven security bulletins, one of which is rated critical and could potentially expose machines to remote code access from the Outlook preview pane, but the company is also dealing with a glitch that will cause at least four patches to be re-issued because of a certificate problem.

According to Microsoft, a clerical error caused a subset of binaries processed by the PRSS lab between June 12 and Aug. 14 to be digitally signed with a flawed time stamp that will cause the digital signature to become prematurely invalid. Microsoft will therefore re-sign and redistribute all of the affected files and packages.

The Redmond, Wash.-based company has already re-released MS12-053, MS12054, MS12-055 and MS12-058. Additional replacements are likely to be forthcoming. All customers are advised to apply the re-released updates as soon as they become available.

In terms of new patches for October, the highlight is MS12-064, which is intended to resolve two privately reported vulnerabilities in Microsoft Office, one of which could enable remote code execution through a malicious RTF file. User rights play a significant role in this exploit, according to Lamar Bailey, director of security research and development at nCircle.

"If you are logged in as a lower-privileged user, then there's not a lot that the attacker can do," he said. "But if your login is admin, then they have total control of your system. But even if the user has the ability to install programs, that's usually all it would take."

Bailey added that in some cases it may be advisable to turn off preview panes.

RTF files are useful to hackers because of their ability to pass through security features common to most systems.

"Outlook 2007 uses Word by default to read emails, so there could be a potential fishing expedition by hackers with malicious RTF documents," said Jason Miller, manager of research and development at VMware. "RTF documents are usually not blocked by email servers. So, these could flow into your user's inbox."

NEXT: 'Important' Patches For SQL Server, Microsoft Works, And More

1 | 2 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	10 Emerging Security Technologies Gaining Interest, Adoption Despite some security defenses being only in their infancy, they are attracting interest for addressing BYOD issues, cloud security concerns and stolen account credentials. Here's a look at some of the top new security areas gaining industry interest.
	5 Government Intelligence Facilities You've Never Heard Of One facility has been around since the dawn of space exploration, while other buildings are still in construction. But, they all have serious data analysis and surveillance support activities associated with them.
	Data Breach Costs: 10 Ways You're Making It Worse A little planning and avoiding these 10 costly missteps can help mitigate the impact of a data security breach, according to the Ponemon Institute's latest research.
	More Slide Shows