Microsoft to release seven bulletins
Posted on 05 October 2012.
The Microsoft Security Bulletin Advance Notification for October 2012 contains seven bulletins: one rated critical and six rated important.

It should be a relief to many that none of the bulletins requires immediate attention, as none of them address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. This means that there isn’t any publicly known exploit code for this month’s bulletin cycle.

Bulletin 1, marked as critical, addresses a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. Exploitation requires a victim to open a malicious file, or even just preview one in Outlook Web Access. If exploited, this vulnerability could result in the complete compromise of a system.

Because this is an Office vulnerability, it may affect both Windows and Macintosh users.

Microsoft will also be issuing an update this Tuesday that will deprecate the use of certificates with keys that are less than 1024 bits long. This could result in headaches for organizations that still have legacy certificates in production. This weekend will be the last weekend to clean up legacy certificates before next Tuesday.

Per Microsoft, some known issues that customers may encounter after applying this update may include:
  • Error messages when browsing websites that have SSL certificates with keys that are less than 1024 bits
  • Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
  • Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
  • Difficulties installing ActiveX controls that were signed with less than 1024 bit signatures
  • Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to January 1, 2010, which will not be blocked by default).
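
To find the legacy certificates before the update is applied, a host's certificate stores can be inventoried for short keys. The script below is an added example, not from Microsoft or the article's author; the function name `Get-WeakKeyCertificate` and its parameters are hypothetical, and it assumes Windows PowerShell 3.0 or later run on the machine being audited.

```powershell
# Added example: list certificates whose public key is shorter than 1024 bits.
# Assumption: the function name and parameters are illustrative only.
function Get-WeakKeyCertificate {
    param(
        # Certificate provider roots to walk; every sub-store is included.
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        [int]$MinimumBits = 1024
    )

    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            try {
                # PublicKey.Key exposes KeySize for RSA and DSA keys. It throws for
                # key types it cannot represent (for example ECC); those are skipped.
                $bits = $cert.PublicKey.Key.KeySize
            } catch {
                return   # move on to the next certificate
            }

            if ($bits -lt $MinimumBits) {
                [pscustomobject]@{
                    # PSParentPath looks like "...\Certificate::LocalMachine\My"
                    Store      = $cert.PSParentPath -replace '^.*::', ''
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
}

# Smallest keys first, so the most urgent replacements are at the top.
Get-WeakKeyCertificate | Sort-Object KeyBits, Store | Format-Table -AutoSize
```

This covers only certificates installed in the local stores; certificates presented by remote web servers, or embedded in signed S/MIME messages and installers, have to be checked at their source.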


Author: Marcus Carey, security researcher at Rapid7.




