All men are frauds. The only difference between them is that some admit it. I myself deny it. - H.L. Mencken
SOFTWARE BUG FACTORY Microsoft's October Patch Tuesday security update includes seven bulletins and an update to the way Windows handles security keys.
The company said that the Patch Tuesday release fixes 20 security vulnerabilities, including two it rated as Critical risks and top deployment priorities.
The lone critical bulletin remedies two security issues in the way Word handles Rich Text Format (RTF) code in documents and email messages. If exploited, the flaws could be used by attackers for remote code execution attacks.
"Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged- on user if they were to open a specially crafted Rich Text Format (RTF) file or previews or open a specially crafted RTF email message," the firm said in a TechnNet security blog post.
Other bulletins in the October update address flaws in Office, Sharepoint, SQL Server, Lync and Windows. The remaining six bulletins are rated as Important and include fixes for vulnerabilities that risk remote code execution, denial of service and elevation of privileges.
Microsoft also issued the "final step" in its efforts to improve encryption practices. The company on Tuesday made good on a promise to disable RSA security keys that are less than 1024 bits in length.
Paul Henry, forensics and security analyst with Lumension said that administrators should have long since prepared for the change, and those who have not are well advised to do so immediately.
"This patch has been optional since August and we hope you've taken the time to test it and patch it," Henry said.
"It will no longer be optional after today's patches. Don't let this be an 'I told you so' moment." µ
Sign up for INQbot – a weekly roundup of the best from the INQ