Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 20 vulnerabilities. One of this month's issues is rated 'Critical'.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Oct
The following is a breakdown of the issues being addressed this month:
-
MS12-064 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
Word PAPX Section Corruption Vulnerability (CVE-2012-0182) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
RTF File listid Use-After-Free Vulnerability (CVE-2012-2528) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted RTF files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
-
MS12-065 Vulnerability in Microsoft Works Could Allow Remote Code Execution
Works Heap Vulnerability (CVE-2012-2550) MS Rating: Important
A remote code execution vulnerability exists in the way that affected versions of Microsoft Works parse specially crafted RTF data. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
-
MS12-066 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege
HTML Sanitization Vulnerability (CVE-2012-2520) MS Rating: Important
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
-
MS12-067 Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110) MS Rating: Important
Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, the Advanced Filter Pack in FAST is disabled. The same description applies to each of the thirteen CVEs listed above.
-
MS12-068 Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Windows Kernel Integer Overflow Vulnerability (CVE-2012-2529) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
-
MS12-069 Vulnerability in Kerberos Could Allow Denial of Service
Kerberos NULL Dereference Vulnerability (CVE-2012-2551) MS Rating: Important
A denial of service vulnerability exists when the Microsoft Kerberos implementation fails to properly handle a specially crafted session. An attacker who successfully exploited this vulnerability could cause the system to stop responding and restart.
-
MS12-070 Vulnerability in SQL Server Could Allow Elevation of Privilege
Reflected XSS Vulnerability (CVE-2012-2552) MS Rating: Important
A reflected XSS vulnerability exists in SQL Server Report Manager that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or allow the attacker to take actions in the context of the user on the affected site.
More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.