Microsoft Patch Tuesday Issues Updates, Takes A Do-Over

By Ken Presti
October 09, 2012 4:54 PM ET

Page 1 of 2

This month's Microsoft Patch Tuesday features seven security bulletins, one of which is rated critical and could potentially expose machines to remote code access from the Outlook preview pane, but the company is also dealing with a glitch that will cause at least four patches to be re-issued because of a certificate problem.

According to Microsoft, a clerical error caused a subset of binaries processed by the PRSS lab between June 12 and Aug. 14 to be digitally signed with a flawed time stamp that will cause the digital signature to become prematurely invalid. Microsoft will therefore re-sign and redistribute all of the affected files and packages.

The Redmond, Wash.-based company has already re-released MS12-053, MS12054, MS12-055 and MS12-058. Additional replacements are likely to be forthcoming. All customers are advised to apply the re-released updates as soon as they become available.

In terms of new patches for October, the highlight is MS12-064, which is intended to resolve two privately reported vulnerabilities in Microsoft Office, one of which could enable remote code execution through a malicious RTF file. User rights play a significant role in this exploit, according to Lamar Bailey, director of security research and development at nCircle.

"If you are logged in as a lower-privileged user, then there's not a lot that the attacker can do," he said. "But if your login is admin, then they have total control of your system. But even if the user has the ability to install programs, that's usually all it would take."

Bailey added that in some cases it may be advisable to turn off preview panes.

RTF files are useful to hackers because of their ability to pass through security features common to most systems.

"Outlook 2007 uses Word by default to read emails, so there could be a potential fishing expedition by hackers with malicious RTF documents," said Jason Miller, manager of research and development at VMware. "RTF documents are usually not blocked by email servers. So, these could flow into your user's inbox."

NEXT: 'Important' Patches For SQL Server, Microsoft Works, And More

1 | 2 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows