10-10-12 | Blog Post
Microsoft has just released its security updates for October, and there is a lot to talk about: seven bulletins, one rated ‘critical’ and six rated ‘important’, with impacts ranging from remote code execution to elevation of privilege to denial of service. Here’s the lowdown on these vulnerabilities, and what you need to do about them:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution: This is the critical patch, and it resolves two vulnerabilities in Microsoft Office at once. The more severe of the two is a remote code execution flaw triggered when a user opens, or merely previews, a specially crafted RTF file; because Word is the e-mail reader for Outlook 2007 and 2010, viewing a malicious message in the Outlook preview pane is enough, with no click on an attachment required. Successful exploitation gives the attacker the same rights as the current user, so an account without administrative rights limits the damage. The update is rated critical for all supported editions of Word 2007 and 2010, and important for Word 2003, Microsoft Word Viewer, the Microsoft Office Compatibility Pack, Microsoft Word Automation Services on Microsoft SharePoint Server 2010, and Microsoft Office Web Apps. It fixes the issue by changing the way Office handles memory when parsing specially crafted files. A restart may be required.
Vulnerability in Microsoft Works Could Allow Remote Code Execution: This is closely related to the Word issue above. If a user opens a specially crafted Word document in Microsoft Works 9, an attacker could gain the same rights as the current user. The update changes the way Works converts Word documents, and it may also require a restart.
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege: This update covers Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Web Apps, all of which share the affected HTML sanitization component. An attacker who sends specially crafted content to a user could gain an elevation of privilege. The update changes the way HTML strings are sanitized, and it may require a restart.
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution: These vulnerabilities in Microsoft FAST Search Server 2010 for SharePoint could allow remote code execution in the security context of a user account with a restricted token. They only affect FAST Search Server when the Advanced Filter Pack is enabled, which it is not by default, so check that setting before deciding how urgently to deploy. The update replaces the affected Oracle Outside In libraries. A restart may be required.
Vulnerability in Windows Kernel Could Allow Elevation of Privilege: This affects all supported releases of Windows except Windows 8 and Windows Server 2012, and is rated important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. An attacker who logs on to the system and runs a specially crafted application could elevate privileges. Exploitation requires valid logon credentials and a local logon, so it cannot be used remotely or by anonymous users on its own, but it is exactly the kind of flaw that turns the foothold gained from one of the document-parsing bugs above into full control of the machine. The update corrects the way the Windows kernel handles objects in memory, and it will require a restart.
Vulnerability in Kerberos Could Allow Denial of Service: An attacker could cause a denial of service by remotely sending a specially crafted session request to the Kerberos server. This affects all supported editions of Windows 7 and Windows Server 2008 R2. A standard perimeter firewall configuration that keeps Internet traffic away from your domain controllers helps protect against attacks from outside the network, though not against a host that is already inside it. This update will require a restart.
Vulnerability in SQL Server Could Allow Elevation of Privilege: This update resolves a vulnerability in Microsoft SQL Server on systems running SQL Server Reporting Services (SSRS). It is a cross-site scripting vulnerability: an attacker who convinces a user to click a specially crafted link, or to visit a web page built to exploit the flaw, could run arbitrary commands (injected script) on the SSRS site in the context of the targeted user, which amounts to an elevation of privilege to whatever that user can do in Reporting Services. The update is rated important for Microsoft SQL Server 2000 Reporting Services Service Pack 2 and for SSRS on Microsoft SQL Server 2005 Service Pack 4, Microsoft SQL Server 2008 Service Pack 2, Microsoft SQL Server 2008 Service Pack 3, Microsoft SQL Server 2008 R2 Service Pack 1, and Microsoft SQL Server 2012. A restart may be required.
So, based on these updates, what’s the biggest takeaway? The critical Word bug, and most of the others in this release, give the attacker only the rights of the user who opened the file or clicked the link. That is where user access matters: if everyone on the network is a local administrator on their own computer, a single exploited document hands the attacker administrative control of that machine, and from there a path toward the rest of the network. Giving users only the access they genuinely need is not always popular (users who want to install their own applications resent having to ask permission), but it keeps an attacker who lands on a workstation confined to an unprivileged account, and that keeps your systems more secure.
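As an added example that is not part of the original post: the first step toward that least-privilege goal is finding out who is actually a local administrator today. The PowerShell script below lists the members of the local Administrators group on a set of machines and flags anyone not on an allow-list. It uses the WinNT ADSI provider, so it runs on the PowerShell 2.0 that ships with the Windows 7 and Server 2008 R2 systems covered by these bulletins, with no extra modules. The computer names, the allow-list entries, and the script file name are assumptions for illustration.

```powershell
# Added example (not from the original post): audit local Administrators
# group membership. Save as Get-LocalAdmins.ps1 (hypothetical name).
param(
    # Computers to audit; defaults to the local machine. Names are assumed.
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Accounts that are expected to be local admins; anything else is flagged.
    # The allow-list contents are an assumption for this example.
    [string[]]$AllowedMembers = @('Administrator', 'Domain Admins')
)

function Get-LocalAdminMembers {
    param([string]$Computer)

    # Bind to the local Administrators group through the WinNT provider.
    $group = [ADSI]"WinNT://$Computer/Administrators,group"

    # Invoke('Members') returns COM objects; read their properties by reflection,
    # which is the pattern that works on PowerShell 2.0.
    $group.psbase.Invoke('Members') | ForEach-Object {
        $name  = $_.GetType().InvokeMember('Name',    'GetProperty', $null, $_, $null)
        $class = $_.GetType().InvokeMember('Class',   'GetProperty', $null, $_, $null)
        $path  = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)

        New-Object PSObject -Property @{
            Computer   = $Computer
            Member     = $name
            Type       = $class                              # 'User' or 'Group'
            Source     = ($path -replace '^WinNT://', '')    # e.g. CORP/jsmith or HOST/Administrator
            Unexpected = -not ($AllowedMembers -contains $name)
        }
    }
}

foreach ($c in $ComputerName) {
    try {
        Get-LocalAdminMembers -Computer $c
    } catch {
        # Unreachable host, no rights, or remote SAM access blocked: report and move on.
        Write-Warning "Could not query $c : $_"
    }
}
```

Run it from an account that is allowed to read the targets’ local SAM (typically a domain account that is itself an administrator on them), for example `.\Get-LocalAdmins.ps1 -ComputerName ws01,ws02 | Where-Object { $_.Unexpected } | Format-Table Computer,Member,Type,Source`. Every row that comes back is a user or group that would hand a Word-exploiting attacker administrative control of that workstation, and is where the clean-up should start. Note that the allow-list matches on name only; a domain group that happens to be named like an allowed entry will not be flagged, so review the Source column rather than trusting the flag blindly.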
Read more about the security bulletins at Microsoft Security Bulletin Summary for October 2012.