Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Microsoft Patch Tuesday - October 2012

Created: 09 Oct 2012 17:55:37 GMT • Updated: 23 Jan 2014 18:12:11 GMT • Translations available: 日本語
Candid Wueest's picture
+2 2 Votes
Login to vote

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 20 vulnerabilities. One of this month's issues is rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Oct

The following is a breakdown of the issues being addressed this month:

  1. MS12-064 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

    Word PAPX Section Corruption Vulnerability (CVE-2012-0182) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    RTF File listid Use-After-Free Vulnerability (CVE-2012-2528) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted RTF files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  2. MS12-065 Vulnerability in Microsoft Works Could Allow Remote Code Execution

    Works Heap Vulnerability (CVE-2012-2550) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected versions of Microsoft Works parse specially crafted RTF data. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  3. MS12-066 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege

    HTML Sanitization Vulnerability (CVE-2012-2520) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

  4. MS12-067 Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1766) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1767) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1768) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1769) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1770) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1771) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1772) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-1773) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-3106) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-3107) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-3108) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-3109) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In library contains multiple exploitable vulnerabilities (CVE-2012-3110) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint using the Advanced Filter Pack; an attacker could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

  5. MS12-068 Vulnerability in Windows Kernel Could Allow Elevation of Privilege

    Windows Kernel Integer Overflow Vulnerability (CVE-2012-2529) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  6. MS12-069 Vulnerability in Kerberos Could Allow Denial of Service

    Kerberos NULL Dereference Vulnerability (CVE-2012-2551) MS Rating: Important

    A denial of service vulnerability exists when the Microsoft Kerberos implementation fails to properly handle a specially crafted session. An attacker who successfully exploited this vulnerability could cause the system to stop responding and restart.

  7. MS12-070 Vulnerability in SQL Server Could Allow Elevation of Privilege

    Reflected XSS Vulnerability (CVE-2012-2552) MS Rating: Important

    A reflected XSS vulnerability exists in SQL Server Report Manager that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or allow the attacker to take actions in the context of the user on the affected site.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.