Page 1 of 2
This month's Microsoft Patch Tuesday features seven security bulletins, one of which is rated critical and could potentially expose machines to remote code access from the Outlook preview pane, but the company is also dealing with a glitch that will cause at least four patches to be re-issued because of a certificate problem.
According to Microsoft, a clerical error caused a subset of binaries processed by the PRSS lab between June 12 and Aug. 14 to be digitally signed with a flawed time stamp that will cause the digital signature to become prematurely invalid. Microsoft will therefore re-sign and redistribute all of the affected files and packages.
The Redmond, Wash.-based company has already re-released MS12-053, MS12054, MS12-055 and MS12-058. Additional replacements are likely to be forthcoming. All customers are advised to apply the re-released updates as soon as they become available.
In terms of new patches for October, the highlight is MS12-064, which is intended to resolve two privately reported vulnerabilities in Microsoft Office, one of which could enable remote code execution through a malicious RTF file. User rights play a significant role in this exploit, according to Lamar Bailey, director of security research and development at nCircle.
"If you are logged in as a lower-privileged user, then there's not a lot that the attacker can do," he said. "But if your login is admin, then they have total control of your system. But even if the user has the ability to install programs, that's usually all it would take."
Bailey added that in some cases it may be advisable to turn off preview panes.
RTF files are useful to hackers because of their ability to pass through security features common to most systems.
"Outlook 2007 uses Word by default to read emails, so there could be a potential fishing expedition by hackers with malicious RTF documents," said Jason Miller, manager of research and development at VMware. "RTF documents are usually not blocked by email servers. So, these could flow into your user's inbox."