Skip to content

Virtual Administrator’s October 2012 Patch Recommendations

7 Security Bulletins were released – 1 Critical and 6 Important

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS12-064 is the top priority this month.  After your next patch cycle completes you should follow up and make sure this is installed.  MS12-066 and MS12-067 are publicly disclosed and MS12-066 is already being exploited.

ONE out-of-band updates were released during the last month on 9/21/12.   We previously blogged about this, but make sure that MS12-063 – Cumulative Security Update for Internet Explorer is applied to your machines

Noteworthy Patch News

nothing

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

Known Issues per Microsoft

  • MS12-064 – check notes
  • MS12-066 – check notes
  • MS12-070 – check notes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS12-064: (Office Word)       This security update resolves two privately reported vulnerabilities in Microsoft Office. The more severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file.
Details
KB in Kaseya: KB2553488,KB2687314,KB2687315,KB2687483
Affected Software: 2003,Office 2007,Word Viewer,Office Compatibility Pack,Office 2010,Office Web Apps 2010,SharePoint Server 2010
Known Issues per MS: http://support.microsoft.com/kb/2742319

IMPORTANT

MS12-065: (Works Converters) The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Word file using Microsoft Works.
Details
KB in Kaseya: KB2754670
Affected Software: Works 9
Known Issues per MS:None
MS12-066: (Microsoft Office, Communications Platforms, Server software, and Office Web Apps) The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
Details
KB in Kaseya: KB2726382, KB2687405, KB2687417, KB2687436, KB2687439, KB2687440, KB2687442, KB2726391 Affected Software: SharePoint Services 3.0,SharePoint Foundation 2010,SharePoint Server 2007,Groove Server 2010,Web Apps SharePoint Server 2010,Lync 2010,Communicator 2007 R2,InfoPath 2007 and 2010
Known Issues per MS: http://support.microsoft.com/kb/2741517
MS12-067: (Fast Search Server) The vulnerability could allow remote code execution if a user opens a specially crafted file or embeds a specially crafted Computer Graphics Metafile (CGM) graphics file into an Office file.
Details
 KB in Kaseya: KB2742321
Affected Software: Fast Search Server 2010
Known Issues per MS: none
MS12-068: (Windows) The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2724197
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-069: (Kerberos) The vulnerability could allow denial of service if a remote attacker sends a specially crafted session request to the Kerberos server. 
Details
KB in Kaseya: KB2743555
Affected Software: Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-070: (SQL Server Report Manager) The vulnerability is a cross-site-scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user.
Details
KB in Kaseya: KB2716427, KB2716429, KB2716434, KB2716436, KB2716440, KB2716442
Affected Software: SQL Server 2000, 2005, 2008, 2008 R2, 2012
Known Issues per MS: http://support.microsoft.com/kb/2754849
Scroll To Top