The Inquirer-Home

Microsoft's October Patch Tuesday releases seven updates

Fixes a critical flaw and changes RSA key update
Wed Oct 10 2012, 10:51
New Microsoft logo

SOFTWARE BUG FACTORY Microsoft's October Patch Tuesday security update includes seven bulletins and an update to the way Windows handles security keys.

The company said that the Patch Tuesday release fixes 20 security vulnerabilities, including two it rated as Critical risks and top deployment priorities.

The lone critical bulletin remedies two security issues in the way Word handles Rich Text Format (RTF) code in documents and email messages. If exploited, the flaws could be used by attackers for remote code execution attacks.

"Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged- on user if they were to open a specially crafted Rich Text Format (RTF) file or previews or open a specially crafted RTF email message," the firm said in a TechnNet security blog post.

Other bulletins in the October update address flaws in Office, Sharepoint, SQL Server, Lync and Windows. The remaining six bulletins are rated as Important and include fixes for vulnerabilities that risk remote code execution, denial of service and elevation of privileges.

Microsoft also issued the "final step" in its efforts to improve encryption practices. The company on Tuesday made good on a promise to disable RSA security keys that are less than 1024 bits in length.

Paul Henry, forensics and security analyst with Lumension said that administrators should have long since prepared for the change, and those who have not are well advised to do so immediately.

"This patch has been optional since August and we hope you've taken the time to test it and patch it," Henry said.

"It will no longer be optional after today's patches. Don't let this be an 'I told you so' moment." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015