Microsoft Patch Tuesday: There’s something for everyone
October 9 has been marked as Microsoft Patch Tuesday. For all those who were expecting a huge array of security bulletins during this Halloween month, we have good news! This time Microsoft has rolled out only seven important bulletins, with only one critical update. These security patches address a total of 20 vulnerabilities in various Microsoft products. Though most of the patches affect Office and Server software, some affect Windows and SQL Server. Let’s take a quick look at all seven security bulletins and the vulnerabilities they address:
MS12-064: This is the most important patch and the only one rated critical. MS12-064 details vulnerabilities in Microsoft Word 2003, 2007, and 2010. Microsoft advises users to apply this patch as soon as possible. This vulnerability in Microsoft Word allows hackers to send malicious files to a user’s computer. These files, when opened or previewed, will fully compromise the victim’s computer and will allow attackers to carry out a phishing attack.
MS12-065: Microsoft Works is a low-cost alternative to Microsoft Office. If you use Microsoft Works 9 to open Word documents, this security patch is for you. Like Microsoft Word, Microsoft Works 9 also suffers from a vulnerability that allows remote code execution if a malicious Word file is opened through Microsoft Works.
MS12-066: Another important bulletin, this one affects a plethora of web-based office applications, including SharePoint 2007 and 2010, InfoPath 2007 and 2010, Groove 2010, Microsoft Communicator 2007, Lync 2010, and Web Apps 2010. This patch fixes a flaw in HTML sanitization which, if left unpatched, allows hackers to escalate privileges.
MS12-067: This security patch is for organizations that run Microsoft FAST Search Server 2010 for SharePoint. An attacker can exploit this vulnerability against an organization if they are able to upload a malicious file onto a SharePoint server.
MS12-068: This is an elevation of privilege vulnerability. The attacker must first gain access to a system, either through valid credentials or through some other vulnerability. After accessing the system, the attacker can use this vulnerability to gain administrator access and compromise the security of the system.
MS12-069: This bulletin applies to Windows 7 and Windows 2008 R2. The patch addresses a DoS-style vulnerability in which a malformed Kerberos packet can crash the target computer, resulting in a ‘denial of service’.
MS12-070: This is an XSS vulnerability. It affects Microsoft SQL Server’s web interface. Like the others, it also results in an escalation of privileges.
Microsoft urges its users to apply these bulletins and patch the vulnerabilities as soon as possible.
Image credit: CAST Software