Newsletters
Technology, Discovery & Innovation NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Computing Digital Life Discovery Space More Topics...
Windows Security
Average Rating:
Rate this article:  
Light Patch Tuesday, But New Security Advisories Emerge

Light Patch Tuesday, But New Security Advisories Emerge
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Besides the seven bulletins, Microsoft is publishing several security advisories. In October, KB2661254 is being switched to automatic download and will start enforcing a minimum of 1024-bit key length for certificates. Key lengths of under 1024 bits are forge-able and certificate authorities have stopped producing such certificates.
 


Microsoft on Tuesday issued seven bulletins to patch 20 vulnerabilities. Only one patch is critical. The rest are important. But despite the light cycle, IT admins can expect more Microsoft-related work in October.

Andrew Storms, director of security operations for nCircle, said Microsoft is re-releasing a number of patches this month -- in addition to the seven bulletins released as part of the regular patch Tuesday schedule and Monday's Adobe Flash update distributed to Windows 8 users via Windows Update.

Patch Re-Release

"These patches were released earlier this year and have to be re-released due to clerical error with the code signing process at release time. We're also seeing a re-release of an XML Core Services for Windows 8 users, a preventative measure to protect users against potential malicious use of MSXML," Storms told us.

As Storms sees it, the good news is that IT admins don't have to patch Internet Explorer this month since routine fixes were bundled into last month's out-of-band update and, with one exception, the other fixes are fairly tame.

"The RTF bug in Microsoft Word warrants special attention since users can be exploited simply by previewing a malicious RTF file in Outlook," Storms said. "Security teams should prioritize, distribute and install this fix as soon as possible."

Patch this First

We also asked Wolfgang Kandek, CTO of Qualys, for his insights into Microsoft's monthly release. He told us the "critical" bulletin fixes two vulnerabilities in Microsoft Word and applies to all versions of Microsoft Office.

"It addresses a vulnerability that can be exploited via a malicious RTF formatted e-mail through the Outlook Preview pane without having to open the e-mail," Kandek said. "Since the development complexity of an attack against this vulnerability is low, we believe this vulnerability will be the first to have an exploit developed and recommend applying the MS12-064 update as quickly as possible."

New Security Advisories

Besides the seven bulletins, Microsoft is publishing several security advisories. In October, KB2661254 is being switched to automatic download and will start enforcing a minimum of 1024-bit key length for certificates. Key lengths of under 1024 bits are forge-able and certificate authorities have stopped producing such certificates for several years now, he said.

"KB2749655 is a new advisory and explains a problem in Microsoft's code-signing infrastructure. During the three months in the summer of 2012, a number of binary files in Microsoft Security Bulletins were signed in a flawed way that will lead to their loss of validity, causing them to stop working in January 2013," Kandek said.

"To solve the problem, Microsoft will publish new versions of the affected bulletins, and organizations will need to reinstall the affected updates. This month the updated packages are MS12-053, MS12-054, MS12-055 and MS12-058."
 

Tell Us What You Think
Comment:

Name:

Jamos:

Posted: 2012-10-11 @ 7:22am PT
This patch breaks ICS.



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Windows Security
1.   Microsoft Patch Tuesday Stars IE
2.   Kaspersky Looks Inside 'Epic' Attack
3.   MS Plans Final Windows 8.1 Tweak
4.   Barracuda Secures Microsoft Azure
5.   Windows 7 Ends Mainstream Support


advertisement
Kaspersky Looks Inside 'Epic' Attack
Ongoing cyber-espionage analyzed.
Average Rating:
Microsoft Patch Tuesday Stars IE
Biz should focus on browser bulletin.
Average Rating:
MS Plans Final Windows 8.1 Tweak
Focus shifts to upcoming Windows 9.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 
Premier FBI Cybersquad in U.S. To Add Agents
After helping prosecutors charge Chinese army officials with stealing trade secrets from major companies and by snaring a Russian-led hacking ring, the premier FBI cyber-squad is getting a boost.
 
Apple Opens iCloud Data Center in China
Treading lightly, Apple acknowledged it has started to store encrypted iCloud personal data of some Chinese users on servers in mainland China, operated by the state-owned China Telecom.
 

Enterprise Hardware Spotlight
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 
Cisco Axes 6,000 Employees in Restructuring Plan
Faced with declining profits, Cisco is laying off up to 6,000 employees in the months ahead -- a whopping 8 percent of its global workforce. That's in addition to the 4,000 jobs Cisco cut last year.
 
Web Slows, Have Internet Routers Reached The Limit?
If you encountered problems connecting to the Internet on August 12, you weren't alone. Networking experts blame the wide-scale slowdown on outdated routing systems that are reaching their limits.
 

Mobile Technology Spotlight
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 
Sprint Comes Out with Data Guns Blazing
As its new CEO promised, Sprint has rolled out a new aggressively competitive price plan. The shared data plans promise twice the high-speed data and at lower prices than AT&T and Verizon Wireless.
 

Navigation
Sci-Tech Today
Home/Top News | Computing | Digital Life | Discovery | Space | Innovation | Health | Science News
Environment
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.