 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Patch Summary
October 9, 2012
Overview
This month, Microsoft released seven patches that repair a total of 20 vulnerabilities. Of these vulnerabilities, there were 16 remote code execution vulnerabilities, three elevation of privilege vulnerabilities, and one cross-site scripting vulnerability.
Patch Precedence
Administrators are advised to patch MS12-064 immediately to prevent exploitation by attackers. Lastly, administrators should patch MS12-065, MS12-066, MS12-067, MS12-068, MS12-069, and MS12-070 as soon as possible.
As always, BeyondTrust suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the BeyondTrust Security Research Team.
Register Now >>
|
|
|
|
|
|
|
|
|
|
Web Event:
Vulnerability Expert Forum (VEF)
Presenters:
The BeyondTrust Research Team
Date/Time:
Wednesday, Oct 10th
1pm PT / 4pm ET / 9pm GMT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Bulletin/Advisory Details
MS12-064
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
Microsoft Rating: Critical
CVE List: CVE-2012-0182 and CVE-2012-2528
Analysis:
This bulletin addresses 2 privately reported remote code execution vulnerabilities in Microsoft Word. The patch fixes a vulnerability that occurs when parsing PAPX sections in Word files. The patch also fixes a use-after-free vulnerability that occurs when parsing RTF files. An attacker that successfully exploited either of these vulnerabilities would gain user level access to the target machine.
Recommendation:
Install the patch immediately to prevent exploitation by attackers. Until the patch can be applied, read emails in plain text. Block Office 2003 (and earlier) files that are not from trusted sources. Use MOICE to open files from untrusted sources.
MS12-065
Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
Microsoft Rating: Important
CVE: CVE-2012-2550
Analysis:
This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Works 9. The patch fixes a heap corruption vulnerability that occurs when parsing DOC files. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.
Recommendation:
Deploy patches as soon as possible; no reasonable mitigation is available.
MS12-066
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
Microsoft Rating: Important
CVE: CVE-2012-2520
Analysis:
This bulletin addresses a publicly reported elevation of privilege vulnerability in HTML Sanitization Component. The patch fixes a vulnerability that occurs when sanitizing HTML strings. An attacker that successfully exploited this vulnerability would be able to read content that they are not authorized to access, or perform actions on behalf of the victim within the context of the affected application.
Recommendation:
Deploy patches as soon as possible; no mitigation is available.
MS12-067
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
Microsoft Rating: Important
CVE List: CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, and CVE-2012-3110
Analysis:
This bulletin addresses 13 publicly reported remote code execution vulnerabilities in Microsoft FAST Search Server. The patch fixes multiple vulnerabilities in Oracle Outside In libraries, which are used by the Advanced Filter Pack to parse various file types. An attacker that successfully exploited these vulnerabilities could execute arbitrary code within a user account’s context that has a restricted token.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, run the AdvancedFilterPack PowerShell script with the "-disable" flag to disable the Advanced Filter Pack on FAST Search Server 2010 for SharePoint.
MS12-068
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
Microsoft Rating: Important
CVE: CVE-2012-2529
Analysis:
This bulletin addresses a privately reported elevation of privilege vulnerability in the Windows kernel. The patch fixes an integer overflow vulnerability that occurs when improperly handling in-memory objects. A local attacker that successfully exploited this vulnerability would gain kernel level access to the target machine.
Recommendation:
Deploy patches as soon as possible; no mitigation is available.
MS12-069
Vulnerability in Kerberos Could Allow Denial of Service (2743555)
Microsoft Rating: Important
CVE: CVE-2012-2551
Analysis:
This bulletin addresses a privately reported denial of service vulnerability in Kerberos. The patch fixes a null pointer de-reference vulnerability that occurs when handling a specially crafted session. An attacker that successfully exploited this vulnerability would be able to cause the target system to restart.
Recommendation:
Deploy patches as soon as possible; no mitigation is available.
MS12-070
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
Microsoft Rating: Important
CVE: CVE-2012-2552
Analysis:
This bulletin addresses a privately reported elevation of privilege vulnerability in SQL Server. The patch fixes a reflected cross-site scripting vulnerability that occurs when the Report Manager SQL Server site fails to validate a request parameter. An attacker that successfully exploited this vulnerability would be able to execute client-side script on behalf of the user that opened the attacker's malicious link.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, enable the XSS filter in Internet Explorer (available in versions 8 and higher).
|
|
|
|
|
|
Feedback
The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.
Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|